

S. Hrg. 110-286 

SARBANES-OXLEY AND SMALL BUSINESS:
ADDRESSING PROPOSED REGULATORY
CHANGES AND THEIR IMPACT ON CAPITAL
MARKETS


HEARING 

BEFORE THE 

COMMITTEE ON SMALL BUSINESS 
AND ENTREPRENEURSHIP 

UNITED STATES SENATE 

ONE HUNDRED TENTH CONGRESS 

FIRST SESSION 

April 18, 2007 

Printed for the use of the Committee on Small Business and Entrepreneurship 



Available via the World Wide Web: http://www.access.gpo.gov/congress/senate


U.S. GOVERNMENT PRINTING OFFICE 
39-880 PDF WASHINGTON : 2008 


For sale by the Superintendent of Documents, U.S. Government Printing Office 
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 
Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 


COMMITTEE ON SMALL BUSINESS AND ENTREPRENEURSHIP 
ONE HUNDRED TENTH CONGRESS 


FIRST SESSION 


JOHN F. KERRY, Massachusetts, Chairman

CARL LEVIN, Michigan
TOM HARKIN, Iowa
JOSEPH I. LIEBERMAN, Connecticut
MARY LANDRIEU, Louisiana
MARIA CANTWELL, Washington
EVAN BAYH, Indiana
MARK PRYOR, Arkansas
BENJAMIN L. CARDIN, Maryland
JON TESTER, Montana

OLYMPIA J. SNOWE, Maine 
CHRISTOPHER S. BOND, Missouri 
NORMAN COLEMAN, Minnesota 
DAVID VITTER, Louisiana 
ELIZABETH DOLE, North Carolina 
JOHN THUNE, South Dakota 
BOB CORKER, Tennessee 
MICHAEL B. ENZI, Wyoming 
JOHNNY ISAKSON, Georgia 


Naomi Baum, Democratic Staff Director 
Wallace Hsueh, Republican Staff Director 





CONTENTS

Opening Statements

Kerry, The Honorable John F., Chairman, Committee on Small Business and Entrepreneurship, and a United States Senator from Massachusetts
Coleman, The Honorable Norm, a United States Senator from Minnesota
Tester, The Honorable Jon, a United States Senator from Montana
Corker, The Honorable Bob, a United States Senator from Tennessee
Snowe, The Honorable Olympia J., a United States Senator from Maine

Witness Testimony

Cox, The Honorable Christopher, Chairman, U.S. Securities and Exchange Commission
Olson, The Honorable Mark W., Chairman, Public Companies Accounting Oversight Board
Venables, Thomas, President and Chief Executive Officer, Benjamin Franklin Bank, on behalf of the American Bankers Association
Wasielewski, Richard, Vice President and Chief Financial Officer, Nortech Systems, Inc
Piche, Joseph, Chief Executive Officer and Founder, Eikos, Inc

Alphabetical Listing and Appendix Material Submitted

Coleman, The Honorable
    Opening Statement
    Prepared statement
Corker, The Honorable Bob
    Opening Statement
Cox, The Honorable Christopher
    Opening Statement
    Prepared statement
    Responses to post-hearing questions from:
        Senator Kerry
        Senator Snowe
        Senator Pryor
        Senator Enzi
    Letter to Senator Kerry
Enzi, The Honorable Michael B.
    Prepared statement
    Post-hearing questions posed to:
        SEC Chairman Christopher Cox
        PCAOB Chairman Olson
Kerry, The Honorable John
    Opening Statement
    Post-hearing questions posed to:
        SEC Chairman Christopher Cox
        PCAOB Chairman Olson
    Letter to Chairmen Cox and Olson
Olson, The Honorable Mark W.
    Testimony
    Prepared statement
    Responses to post-hearing questions from:
        Chairman Kerry
        Senator Snowe
        Senator Pryor
        Senator Enzi
    Letter to Senator Kerry
Piche, Joseph
    Testimony
    Prepared statement
    Responses to post-hearing questions from Senator Pryor
Pryor, The Honorable Mark L.
    Post-hearing questions posed to:
        SEC Chairman Cox
        PCAOB Chairman Olson
        Richard Wasielewski
        Joseph Piche
Snowe, The Honorable Olympia J.
    Opening statement
    Prepared statement
    Post-hearing questions posed to:
        SEC Chairman Cox
        PCAOB Chairman Olson
    Letter to Chairmen Cox and Olson
Tester, The Honorable Jon
    Opening Statement
Venables, Thomas
    Testimony
    Prepared statement
Wasielewski, Richard
    Testimony
    Prepared statement
    Responses to post-hearing questions from Senator Pryor

Comments for the Record

Enzi, The Honorable Michael B., a U.S. Senator from Wyoming, prepared statement
Sullivan, The Honorable Thomas M., Chief Counsel for Advocacy, U.S. Small Business Administration, prepared statement
Leahey, Mark B., Esq., Executive Director, Medical Device Manufacturers Association, prepared statement
Independent Community Bankers of America, prepared statement



SARBANES-OXLEY AND SMALL BUSINESS: 
ADDRESSING PROPOSED REGULATORY 
CHANGES AND THEIR IMPACT ON CAPITAL 
MARKETS 


WEDNESDAY, APRIL 18, 2007 

United States Senate,
Committee on Small Business and Entrepreneurship,
Washington, D.C.

The Committee met, pursuant to notice, at 10:30 a.m., in room 
428-A, Russell Senate Office Building, Hon. John F. Kerry, Chair- 
man of the Committee, presiding. 

Present: Senators Kerry, Bayh, Pryor, Tester, Snowe, Coleman, 
Thune, and Corker. 

OPENING STATEMENT OF THE HONORABLE JOHN F. KERRY,
CHAIRMAN, SENATE COMMITTEE ON SMALL BUSINESS AND
ENTREPRENEURSHIP, AND A UNITED STATES SENATOR
FROM MASSACHUSETTS

Chairman Kerry. This hearing will come to order. I apologize to 
everybody for the delay, but we had two votes in the Senate, as I 
think you know, and we just finished the second one, so people are 
hustling over here. 

I want to thank SEC Chairman Cox, the PCAOB Chairman 
Olson, and all of our witnesses for taking time out of busy sched- 
ules to be here to testify at this hearing, in which we will examine 
the effects that the Sarbanes-Oxley regulations are having on small 
business and how we can help small businesses to comply with the 
law. 

Let me say up front that we are all proud that our country 
boasts the fairest and most transparent and efficient financial mar- 
ketplace in the world. We have achieved this status by developing 
a regulatory approach that ensures investors around the world can 
have confidence in our markets. However, between the years 1998 
and 2000, there were 464 financial restatements by public compa- 
nies. That number was higher than the previous 10 years com- 
bined, and too often, those public companies were overstating their 
income in order to attract investors or hold on to investors. 

The trust and confidence of the American people in their finan- 
cial markets was dangerously eroded by the actions of WorldCom, 
Enron, Arthur Andersen and others, and the shocking malfeasance 
by these businesses and accounting firms put a strain on the
growth of our economy, cost investors billions in assets and hurt
the integrity of financial markets around the world. 

By all accounts, the Sarbanes-Oxley Act has brought back ac- 
countability to corporate governance and to auditing and to finan- 
cial reporting for public companies. The audit of internal controls 
over financial reporting has produced significant benefits, and pub- 
lic company financial reporting has improved overall. As a result, 
investor confidence in our capital markets has been restored and 
our Nation’s economic growth continues. 

Recent published reports show that accounting restatements on 
large companies’ financial results declined by 20 percent last year. 
This is important evidence that Sarbanes-Oxley is working. These 
improvements, however, have not come without some drawbacks 
and complications. Too many small public companies who have 
played by the rules are now expected to deal with the time and fi- 
nancial burden required by the Sarbanes-Oxley law. Last year, 
businesses with less than $75 million in assets saw the number of 
financial restatements increase by 46 percent. This shows that 
businesses getting ready to comply with Sarbanes-Oxley are having 
trouble. I believe that we will all benefit when small businesses are 
prepared for compliance with Sarbanes-Oxley. 

However, according to a recent U.S. Government Accountability 
Office study requested by Senator Snowe, the cost of compliance 
and the time needed for small companies to comply with Sarbanes- 
Oxley regulations has been disproportionately higher than for large 
public companies. Firms with assets of $1 billion or more spend 
about 13 cents per $100 in revenue for audit fees, while small busi- 
nesses are forced to spend more than $1 per $100 in revenue to 
comply with the same rules. 

As we will hear from witnesses on the second panel today, this 
disproportionate burden faced by small public companies may be a 
deterrent to other small businesses interested in going public. 
These small businesses aren’t resistant to fair and open financial 
reporting, but they are hesitant to make this transition because of 
the burdensome costs involved with compliance. 

Small businesses, we all know, are vital participants in capital 
markets. They play a critical role in future economic growth and 
high-wage job creation. I have no doubt that small public compa- 
nies will be able to comply with the Sarbanes-Oxley law just as big 
business is doing today. All small public companies know it is in 
their best interest to have regulations in place that provide trans- 
parency and accountability. These are the qualities that encourage 
investor confidence in U.S. markets, giving them access to more in- 
vestors and increasing the pool of available capital, while keeping 
their competitors from manipulating the marketplace through 
faulty accounting. 

But, and this is an important but, I think each of us on this 
Committee, wherever we have gone in the country, when talking 
to business people, hear anecdotally that there is sort of an over- 
reach or an excessiveness, that we could, perhaps, accomplish the 
goals of Sarbanes-Oxley perhaps with a little less financial and ad- 
ministrative burden. It is important for us to listen to that, to take 
it into account, to try to figure out if that is true. I think the real 
measure of this hearing is whether we can sustain the goals, the
accountability, and the transparency while minimizing the disruptive
features and costs so that you maximize your competitive abilities
and your growth, and that is the balance we would obviously
like to find.

We need to find a way, I think, to help some of these small busi- 
nesses, the backbone of the American economy, to make this transi- 
tion and make it effectively and smoothly. To that extent, I am 
very pleased that the Securities and Exchange Commission and the 
Public Company Accounting Oversight Board are currently consid- 
ering final rules and guidance on the implementation of Sarbanes- 
Oxley that will make it easier for small businesses to comply with 
the law. 

And while I acknowledge that the intent of the rule changes is 
to make it easier and less burdensome for small businesses to com- 
ply, we all know that the devil is always in the details. So I look 
forward to hearing from Chairmen Cox and Olson on the status of 
the rulemaking progress and see how those regulations will take 
into consideration the concerns of the small business community. 

As we move forward, there are additional steps that could be 
taken to assist small businesses, and I want to work with Senator 
Snowe and others on this Committee to find, hopefully, a common 
ground on how we could do that. 

I recently wrote to the SEC and the PCAOB with Senator Snowe 
urging the regulators to give small businesses up to an additional 
year to comply with the pending changes to Sarbanes-Oxley regula- 
tions. I believe this added time will help small businesses adapt to 
the changing regulatory structure and make it easier for those who 
lack the expertise or the financial resources to be able to comply 
with the law. I thank Chairman Cox for his previous support in 
providing small public companies with additional time to comply 
with Sarbanes-Oxley. 

As Chair of the Committee on Small Business and Entrepreneur- 
ship, I will continue to closely follow this impact on small firms and 
very much look forward to working with Senator Snowe and our 
colleagues to try to help small companies be able to abide by the 
law while simultaneously allowing them to focus on what they do 
best, which is creating jobs and growing our economy by partici- 
pating in the capital markets. 

So we look forward to hearing from our witnesses today. Before 
I introduce them, let me turn — Senator Snowe, I know, is on her 
way, but let me turn to Senator Coleman. Do you have any opening 
statement, Senator?

OPENING STATEMENT OF THE HONORABLE NORM COLEMAN, 
A UNITED STATES SENATOR FROM MINNESOTA 

Senator Coleman. Just very briefly. I want to thank the Chair 
for convening this hearing. As I travel around my State and I talk 
to small businesses, this and health care are the two single most 
common concerns and complaints. 

I would just also take a note of personal pride in that both our
witnesses before us, Chairman Cox and Chairman Olson, both have
ties to St. Paul, Minnesota, having been born there or lived there,
so I know they have the right kind of background to be very sensitive
to these concerns and are smart enough to handle the concerns.
I look forward to their testimony and the testimony of the
other witnesses.

Again, I want to thank the Chair for his leadership on this very 
critical issue. 

Chairman Kerry. Thank you. You are not going to claim there 
is something in the Mississippi River water, are you? 

[Laughter.] 

Chairman Kerry. Senator Tester? 

OPENING STATEMENT OF THE HONORABLE JON TESTER, A 
UNITED STATES SENATOR FROM MONTANA 

Senator Tester. I also want to thank the Chairman. I want to 
thank Chairman Cox and Chairman Olson for being here. It is a 
delicate balance between regulation and what is appropriate and I 
look forward to hearing your perspective on Sarbanes-Oxley and 
how we can make it better. Thank you. 

Chairman Kerry. Thank you very much. 

Senator Corker? 

OPENING STATEMENT OF THE HONORABLE BOB CORKER, A 
UNITED STATES SENATOR FROM TENNESSEE 

Senator Corker. In the interest of time, I just want to thank you 
for the hearing and our witnesses and I will associate myself with 
Mr. Coleman’s comments. Thank you. 

Chairman Kerry. Thanks a lot, Senator.

Senator Bayh? 

Senator Bayh. I have no opening statement. 

Chairman Kerry. We welcome Chris Cox, the 28th Chairman of 
the Securities and Exchange Commission. He was appointed by 
President Bush in 2005, and prior to his appointment, he spent 17 
years in the House of Representatives. 

Our second witness is Mark Olson, Chairman of the Public Com- 
pany Accounting Oversight Board. He served as a member of the 
Federal Reserve Board of Governors, the Federal Local Market 
Committee since December of 2001. 

Both are highly qualified and we really welcome you here today. 
Thanks for taking the time to come. 

Mr. Cox? 

STATEMENT OF THE HONORABLE CHRISTOPHER COX,
CHAIRMAN, U.S. SECURITIES AND EXCHANGE COMMISSION

Mr. Cox. Thank you very much, Mr. Chairman, Ranking Member 
Snowe when she arrives, and members of the Committee for invit- 
ing me to testify on behalf of the Securities and Exchange Commis- 
sion concerning the application of Section 404 of the Sarbanes- 
Oxley Act to small business. 

Mr. Chairman, you asked in your opening statement whether or 
not the United States can achieve the goals of accountability and 
transparency that underlie Section 404 of the Sarbanes-Oxley Act 
while simultaneously minimizing the costs and the disruption, es- 
pecially for small business. The answer to that, in the view of the 
Securities and Exchange Commission, and I dare say in the view 
of the PCAOB, is yes.

Your Committee’s charge is a vitally important one concerning
costs of Sarbanes-Oxley to small business in particular, and even 
more generally, given the importance of small business to our econ- 
omy. For our part, the SEC’s charge in the statute includes the 
promotion of capital formation upon which small businesses, of 
course, depend. So like you, therefore, we are completely committed 
to fostering the climate of entrepreneurship that is so essential to 
growth and the success of smaller public companies. 

For a small business, raising private capital often depends upon 
the future prospective possibility of tapping the public market. So 
it isn’t just that the companies that are already public or ready to 
go public today are affected by how we implement Sarbanes-Oxley. 
It is also true that companies of all sizes are similarly affected. 
Every start-up, every new business idea, every determined woman 
with a dream or a man striking out on his own needs a flourishing 
IPO market. 

America, as you well know in this Committee, creates far more 
new businesses than does Europe, absolutely and on a percentage 
basis, and our capital markets have a far higher percentage of indi- 
vidual owners of securities. So it is essential for the vitality of our 
economy that we protect both the opportunity for small businesses 
to raise the capital that they need to innovate and the savings of 
the individuals, the many individuals, who have invested their 
money in the securities of smaller companies. 

Today, 4 years after the Sarbanes-Oxley Act was signed into law, 
over 6,000 public companies still aren’t required to provide the au- 
dited internal control reports that are called for by Section 404 of 
the Act. As a practical matter, almost every public company with 
securities registered by the Commission, if it has $75 million or 
less in public equity, falls into this category. They haven’t been re- 
quired to comply with Section 404, as you noted, Mr. Chairman, be- 
cause the Commission has been very sensitive to the special con- 
cerns of smaller public companies. All other public companies in 
the United States already have 3 years of reporting on internal 
controls under their belts. 

The Commission has delayed Section 404 compliance for smaller 
companies because of the disproportionately higher cost that they 
face, just as you pointed out. Our experience in the first 3 years 
told us that the way that 404 was being implemented was too ex- 
pensive for everyone; so imposing that system on the smallest com- 
panies would impose unacceptably high costs from the standpoint 
of the companies’ investors, who, after all, pay the bills. 

So the Commission and the Public Company Accounting Over- 
sight Board set out to address the unique concerns of small busi- 
ness. We further delayed the implementation of 404 for smaller 
public companies until Chairman Olson and I, working together 
with the full Commission and the full Board and our professional 
staffs, could replace the current inefficient system of Section 404 
implementation with a more streamlined approach that focuses on 
the material risks but that still provides for effective and meaning- 
ful internal control audits to protect investors. 

The focus of this hearing is on the proper implementation of Section
404. Focusing on the implementation of 404 rather than
changing the law is consistent with the SEC’s view that the problems
we have seen with 404 to date can be remedied without
amending the Sarbanes-Oxley Act. And, despite the unduly high 
costs of implementing Section 404, I believe that the Act overall, 
including Section 404, may be fairly credited with correcting the 
most serious problems that beset our capital markets just a few 
years ago. 

So as the Commission and the PCAOB move forward with our 
plans to make the application of Section 404 workable for smaller 
companies, it is important to remember that Congress’s focus on in- 
ternal controls was not a mistake. It was and it remains exactly 
the right thing to do. 

It is also important to keep in mind that the Congress didn’t in- 
vent the internal control provisions of Sarbanes-Oxley out of thin 
air. There were clear antecedents for SOX 404 in the Federal De- 
posit Insurance Corporation Improvement Act, FDICIA, and before 
that in the Foreign Corrupt Practices Act. Since the internal con- 
trol requirements in those Acts hadn’t resulted in unexpected high 
costs, it was reasonable for Congress to assume that Section 404 
wouldn’t be disruptive, either. 

In the case of FDICIA, however, the banking regulators hadn’t 
adopted a highly prescriptive standard to implement the statute’s 
internal control provisions. But, following the passage of SOX in 
2003, the PCAOB and the SEC adopted a very different Auditing 
Standard Number 2 to implement Section 404. It was approved for 
use by auditors starting with internal control attestations in 2004. 
Following the implementation of AS2, many companies increased 
the documentation of their controls and formalized the procedures 
they use to identify, test, and analyze the effectiveness of those 
controls. 

The cost of this exercise far outstripped all expectations, includ- 
ing the formal estimate made by the Securities and Exchange Com- 
mission when the reporting requirements of 404 implementation 
were approved. It is undoubtedly true that some of these higher- 
than-expected costs reflected long-neglected maintenance of inter- 
nal control systems, but it is equally true and undeniable that 
much of the extra cost was and continues to be the result of exces- 
sive, duplicative, and misdirected effort. 

That concern is one of the reasons that, even now, smaller com- 
panies aren’t yet required to comply with Section 404. In a mo- 
ment, Chairman Olson will talk about the particulars of the pro- 
posed new auditing standard that the PCAOB is working on to re- 
place AS2. But it isn’t just the auditing standard that is being re- 
fashioned. 

The SEC is simultaneously writing guidance specially directed to 
the management of companies to give them a truly scalable ap- 
proach to designing controls that will work for the particular cir- 
cumstances in which they find themselves, especially for small 
business. And we are coordinating the two proposals by eliminating 
from the new auditing standard any language that would create an 
expectation that the controls would be designed to fit the audit 
rather than the audit being designed to fit the controls. 

It is our intention that the new guidance for management will 
work together with the PCAOB’s proposed auditing standard to 
clearly delineate the auditor’s responsibility for opining on management’s
assessment, on the one hand, and the company’s responsibility
for the methods and the procedures that it uses in its internal
controls evaluation process, on the other hand. In combination,
the Commission’s proposed guidance and the PCAOB’s proposed 
auditing standard should result in the management of smaller com- 
panies being able to use a top-down, risk-based approach to their 
evaluation of the internal controls. And the new approach to 404 
implementation should shift discussions between managements 
and auditors away from management’s evaluation process and to- 
ward what matters most to investors, the risk that material 
misstatements in the company’s financials won’t be prevented or 
detected in a timely manner. 

By the way, managers and auditors should talk to each other, 
and not just managements, but audit committees and boards of di- 
rectors should have a healthy and ongoing dialogue with their 
auditors about the company’s internal controls. There is no auditor 
independence rule or any other rule or standard that stands in the 
way of this kind of useful communication. 

The comment periods for both the Commission and the PCAOB 
proposals closed on February 26 of this year. The Commission re- 
ceived 205 comment letters from a broad cross-section of investors, 
small companies, large companies, accountants, lawyers, regu- 
lators, and academics. 

In our outreach to small business throughout this process, the 
SEC has been aided by the exceptional work of our Office of Small 
Business Policy located within the Division of Corporation Finance. 
The Office of Small Business Policy and its very able Director 
Gerry Laporte are focused on making sure that the unique needs 
of small business are reflected in our rules and in the interpreta- 
tions and guidance that we provide to the public. 

The Office of Small Business Policy also served as the secretariat 
for the Advisory Committee on Smaller Public Companies, which 
issued its report to the SEC in April 2006. That report was the 
first to focus on the problems with Section 404 implementation in 
a systematic way, and it has informed many of the solutions that 
we are now implementing. 

Of special significance to this Committee is that the comments 
from the small business community that we received on the pro- 
posed new 404 procedures were generally consistent with those 
that we received from other commentators. Almost three-quarters 
of the comment letters from small business interests indicated that 
the SEC’s proposed guidance would allow managements to tailor 
their evaluation to the facts and circumstances of their particular 
companies and help to focus the 404 process on the areas that are 
most important to reliable financial reporting. 

Sixteen of the 42 comment letters representing small business 
also emphasized the need to allow sufficient time for smaller com- 
panies to consider the final guidance issued, or to be issued, by the 
Commission and the final auditing standard that we expect will be 
adopted by the PCAOB before they are required to implement fully 
Section 404 of Sarbanes-Oxley. We take all these comments that 
we have received very seriously, and we are working hard to address
these concerns.

Very recently, on April 4, Chairman Olson and I held an open
meeting to review the general nature of the public comments and 
the work that remains to be done to address them. At that meet- 
ing, the Commission made it clear that we are very pleased with 
the progress that we and the PCAOB are making in our collabora- 
tion, and we focused on four remaining areas where we believe ad- 
ditional work is necessary. 

First, we need to better align the proposed PCAOB audit stand- 
ard and the Commission’s proposed guidance. 

Second, we need to improve the discussion in the proposed audit- 
ing standard of how auditors can scale the audit procedures, which 
will be of a special benefit for smaller companies. 

Third, we need to do further work to ensure that it is crystal 
clear that auditors should use their professional judgment in deter- 
mining audit procedures and testing based on their assessment of 
risk. 

And fourth, the auditing standard needs to use broader prin- 
ciples rather than prescriptive rules to describe when auditors may 
use the work of others. This last will ensure that auditors can rely, 
for example, upon work obtained from management’s risk assess- 
ments and monitoring activities when those are found to be com- 
petent and objective. 

As this Committee is aware, the Commission has carefully 
phased in application of the 404 reporting requirements. Specifi- 
cally, smaller companies would file management reports on their 
internal controls along with their annual report for their first fiscal 
year ending after December 14, 2007. For calendar year-end com- 
panies, this would mean March 2008. 

We aim to implement Section 404 just as Congress intended, in 
the most efficient and effective way to meet our objectives for the 
investor protection, well-functioning financial markets, and healthy 
capital formation by companies of all sizes. We won’t forget, Mr. 
Chairman, the failures that led to the passage of the Sarbanes- 
Oxley Act in the first place, and we won’t forget that, for small 
business to continue to prosper in America, strong investor protec- 
tion has to go hand-in-hand with healthy capital formation. 

The reforms that we are making to the Sarbanes-Oxley 404 proc- 
ess are intended to be of direct benefit to American small busi- 
nesses and the millions of Americans who work for them, who in- 
vest in them, and who benefit from the goods and the services that 
they provide. We are reorienting 404 to focus on what truly mat- 
ters to investors and away from expensive and unproductive make- 
work procedures that waste investors’ money and distract attention 
from what is genuinely material. No longer will the 404 process tol- 
erate procedures performed solely so someone can claim that they 
considered every conceivable possibility. 

Mr. Chairman, these next few weeks are a critical time for small 
business as we approach the finish line in our work to rationalize 
404. We look forward to working with you and all the members of 
this Committee in the days ahead on these issues as well as on the 
many other issues that face our Nation’s small businesses. 

Thank you again for the opportunity to speak on behalf of the 
Commission, and of course I will be happy to take your questions. 

[The prepared statement of SEC Chairman Cox follows:]

TESTIMONY OF CHRISTOPHER COX
CHAIRMAN 

U.S. SECURITIES AND EXCHANGE COMMISSION 

CONCERNING REPORTING ON THE INTERNAL CONTROLS OF SMALL 
BUSINESSES UNDER SECTION 404 OF THE SARBANES-OXLEY ACT OF 2002 

BEFORE THE 

COMMITTEE ON SMALL BUSINESS & ENTREPRENEURSHIP 
UNITED STATES SENATE 

April 18, 2007 


Chairman Kerry, Ranking Member Snowe, and Members of the Committee: 

Thank you for inviting me to testify on behalf of the Securities and Exchange 
Commission concerning the application of section 404 of the Sarbanes-Oxley Act to 
small business. 

This committee's charge is a vitally important one, both to the millions of small 
businesses in America, and to our economy. For our part, the SEC is charged by statute 
with the promotion of capital formation, upon which our small businesses depend. Like 
you, we are therefore completely committed to fostering the climate of entrepreneurship 
that is the key to small business growth, and to the creation of so many jobs and so many 
goods and services in our country. 

For a small business, raising private capital often depends upon the future viability of 
tapping the public markets. It isn't just the company that is ready to go public today that 
benefits from a healthy market in publicly traded securities. Every startup, every new 
business idea, every determined woman with a dream and every man striking out on his 
own need a flourishing IPO market. 

America creates far more new businesses than does Europe. And our capital markets 
have a far higher percentage of individual owners of securities. So it's essential for the 
vitality of our economy that we protect both the opportunity for small businesses to raise 
the capital they need to innovate, and the savings of individual investors that are invested 
in the securities of public companies. 

Today, four years after the Sarbanes-Oxley Act was signed into law, over 6,000 public 
companies still aren't required to provide the audited internal control reports required by 
section 404. Generally, every public company with securities registered with the 
Commission, if it has less than $75 million in public equity, falls into this category. They
have not been required to comply with section 404 because the Commission has been
very sensitive to the special concerns of smaller public companies. All other public 
companies in the United States already have three years of reporting on internal controls 
behind them. 

The Commission has delayed section 404 compliance for smaller companies because of 
the disproportionately higher costs they face compared to larger companies. Our 
experience of the first three years told us that the way 404 was being implemented was 
too expensive for everyone - and imposing that system on the smallest companies would 
impose unacceptably high costs from the standpoint of the companies' investors, who 
would have to pay the bills. 

So the Commission and the Public Company Accounting Oversight Board (PCAOB) set 
out to address the unique concerns of small business. We further delayed the 
implementation of 404 for smaller public companies until Chairman Olson and I, 
working together with the full Commission and PCAOB, could replace the current 
inefficient system of 404 implementation with a more streamlined approach that focuses 
on material risks - but that still provides for effective and meaningful internal control 
audits to protect investors. 

The focus of this hearing is on the proper implementation of section 404. Focusing on 
the implementation of 404, rather than changing the law, is consistent with the SEC's 
view that the problems we've seen with 404 to date can be remedied without amending 
the Sarbanes-Oxley Act. And despite the unduly high costs of implementing section 404 
of the Act, I believe that the Act overall - including section 404 - may be fairly credited 
with correcting the most serious problems that beset our securities markets just a few 
years ago, and with restoring investor confidence in our markets. 

One reason the Congress can be confident that the law you wrote is having the desired 
effect of improving the integrity of financial reporting is that many of its provisions are 
being replicated by other nations around the world. That is true even for section 404, 
albeit not the audit requirement. Variations of the law’s internal control reporting 
requirements are being adopted in Japan, France, China, Canada, and several other 
countries. Still other nations, including the United Kingdom, have adopted a 
comply-or-explain approach to managements’ assessments of internal controls and auditor reports on 
those assessments. 

So as the Commission and the PCAOB move forward with our plans to make the 
application of section 404 workable for smaller companies, it is important to remember 
that Congress’s focus on internal controls was not a mistake - it was, and remains, 
exactly the right thing to do. 

It's also important to keep in mind that the Congress didn't invent these internal controls 
disclosure requirements out of thin air. SOX 404 was not the first effort by Congress to 
focus public companies on the need for strong internal controls over their financial 
reporting and accounting. 





The very first legislation in this area was enacted in 1977, in response to the discovery 
that a number of companies had falsified financial records in order to disguise or conceal 
the source and use of “slush funds.” Those slush funds were used to make questionable 
or illegal payments to foreign officials, and for a number of other illegal purposes. The 
year before that law was passed, in a report on these cases that the SEC made to the 
Senate Committee on Banking, Housing and Urban Affairs, we stated that: 

The almost universal characteristic of the cases reviewed to date by the 
Commission has been the apparent frustration of our system of corporate 
accountability .... Millions of dollars of funds have been inaccurately recorded in 
corporate books and records to facilitate the making of questionable payments. 
Such falsification of records has been known to corporate employees and often to 
top management, but often has been concealed from outside auditors and counsel 
and outside directors. 

So in January 1977, the Commission proposed four rules to address the issues covered in 
that report to Congress. 

Two of the Commission’s four proposals eventually resulted in the accounting and 
internal control provisions of the Foreign Corrupt Practices Act. Among other things, 
these two provisions require each public company to make and keep books, records, and 
accounts which, in reasonable detail, accurately and fairly reflect the transactions and 
disposition of the assets of the company. In addition, the company must maintain a 
system of internal accounting controls to provide reasonable assurances that transactions 
are recorded as necessary for the preparation of financial statements according to 
generally accepted accounting principles. 

The remaining two proposals were adopted as rules by the Commission. One prohibits 
anyone from falsifying corporate books and records. The other prohibits officers and 
directors from lying to auditors. 

Following adoption of the Foreign Corrupt Practices Act in 1977, various private sector 
commissions and task forces recommended that companies and their auditors issue public 
reports on their level of compliance with the internal control provisions of the new law. 
And some companies voluntarily issued management reports about their system of 
internal controls. Some of those reports, typically from larger companies, also expressed 
views regarding the effectiveness of the company’s system of internal controls. 

On two occasions, in 1979 and again in 1988, the SEC proposed rules that would have 
required reports from both management and the auditors on a company's internal control 
system. Although those proposals weren't adopted, the Commission encouraged private 
sector initiatives to review the need for this kind of disclosure. 

Meanwhile, both through additional legislation and continued private sector efforts, the 
concept of an internal controls review was given sharper definition. In 1988, Congress 
amended the Foreign Corrupt Practices Act to define “reasonable assurances” to clarify 
that the standard does not require an unrealistic degree of exactitude or precision. Then 
in 1991, in response to a financial institution crisis following many savings and loan 
association failures, Congress enacted the Federal Deposit Insurance Corporation 
Improvement Act — FDICIA. That Act includes an internal control provision that is 
nearly identical to Section 404. And in 1992, the Committee of Sponsoring 
Organizations, or COSO, funded the publication of a framework for companies to use in 
developing internal control systems. COSO emphasized that internal controls should 
include the processes designed by a company to test whether its financial reporting 
objectives are being met. Organizations in other countries, as well as academics and 
professional associations, also helped in the 1990s to define and explain what is meant by 
an effective system of internal controls over financial reporting. 

With all of this as background, it wasn't surprising that five years ago, when Congress 
was again faced with the problem of egregious financial reporting and governance 
failures, one of the solutions at hand was to revisit the rigor of internal controls. In 
section 404 of Sarbanes-Oxley, Congress mandated that managements disclose their own 
conclusions about the effectiveness of their internal controls. And section 404 enhanced 
the credibility of that disclosure by also requiring that auditors attest to and report on the 
assessment made by management. The clear antecedents for this provision were FDICIA 
and the Foreign Corrupt Practices Act. Since the internal control requirements in those 
Acts had not resulted in unacceptably high costs, it was reasonable for Congress to 
assume that section 404 would not be disruptive, either. In the case of FDICIA, of 
course, the banking regulators did not adopt a prescriptive standard to implement the 
statute’s internal control section. 

In order to meet the requirements in section 404 of Sarbanes-Oxley, however, in 2003 the 
PCAOB adopted its very different Auditing Standard Number 2 under section 404. The 
SEC approved it for use by auditors starting with 2004 internal control attestations. 

Following the implementation of AS 2, many companies increased the documentation of 
their controls, and formalized the procedures they use to identify, test, and analyze the 
effectiveness of those controls. The cost of this exercise far outstripped all expectations - 
including the formal estimate made by the SEC when the reporting requirements for 404 
implementation were approved. It's undoubtedly true that some of these 
higher-than-expected costs reflected long-neglected maintenance of internal control systems. But it is 
also undeniable that much of the extra cost was, and continues to be, attributable to 
excessive, duplicative, or misdirected efforts. 

The Commission is determined to see to it that all waste of investors' money is eliminated 
from reporting under section 404. We and the PCAOB are working to re-focus 404 on 
the statutory purpose of informing investors about weaknesses in a company's internal 
controls that are truly material and really matter. The information conveyed to investors 
about the nature of those weaknesses has to be helpful to them in making investment 
decisions. 





It was, of course, never intended that the 404 process should become inflexible, 
burdensome, and wasteful. Following the Commission's adoption of rules to implement 
section 404 in May 2003, we indicated that the methods used to evaluate the 
effectiveness of internal controls would, and should, vary from company to company. 
Early on, the SEC recognized that the approach taken by a Fortune 500 company 
wouldn’t be right for a small company. The operating and financial environments in a 
small business are very different from those in large companies. That concern was one of 
the reasons that, even now, smaller companies are not yet required to comply with section 
404. 

But in 2004, when Auditing Standard No. 2 went into effect, it laid out in too-elaborate 
detail what an audit of internal control over financial reporting should look like. And 
because AS 2 contained language that created auditor expectations for the way 
management would conduct its evaluation process, AS 2 became the de facto guidance 
for management’s evaluations and assessments. The resulting lack of flexibility for 
companies to design the internal controls best suited to their circumstances is one of the 
fundamental flaws in AS 2 that we are now working to address. 

In a moment, Chairman Olson will talk about the particulars of the proposed new 
auditing standard the PCAOB is working on to replace AS 2. But it isn't just the auditing 
standard that is being refashioned. The SEC is simultaneously writing guidance specially 
directed to the company's management, to give them a truly scalable approach to 
designing controls that will work in their particular circumstances - especially for smaller 
companies. And we are coordinating the two proposals by eliminating from the new 
auditing standard any language that would create an expectation that the controls would 
be designed to fit the audit, rather than the audit being designed to fit the controls. 

The proposed standard, and the Commission’s proposed management guidance, would 
also make clear that auditors are not opining on the methods or on the procedures 
management uses to evaluate its internal controls. Rather, they are opining on the 
effectiveness of the internal control structure and procedures. 

During the first few years of SOX implementation, we've learned a great deal from both 
the companies and the auditors who have had to implement section 404. We've listened 
at roundtables, studied comment letters, and paid close attention to the hearings and 
studies conducted by this Committee and the rest of the Congress. We have benefited 
from a great many academic and private sector studies. Almost all of them have 
concluded that the cost of compliance with section 404 has thus far exceeded the benefits 
that we've achieved. 

In July 2006, the Commission issued a concept release covering potential reforms of 
section 404 implementation, and in reply we received over 150 comment letters. Many 
suggested specific areas that we should cover in our guidance and the type of guidance 
that would be most helpful. 





After considering those comments carefully, last December the Commission formally 
proposed the new interpretive guidance I just mentioned to assist managements in 
developing a process for evaluating their internal controls over financial reporting. 

An overarching objective of the Commission’s proposed guidance is to allow 
managements to focus on the areas that present the greatest risk of material misstatements 
in the financials. This is what the law has always intended we be focused on. It's also 
what investors care about. It is, in short, what's important for achieving reliable financial 
reporting. 

The guidance we proposed allows each company to exercise significant judgment in 
designing an evaluation that is tailored to its individual circumstances. Unlike external 
auditors, management in a smaller company tends to work with its internal controls on a 
daily basis. They have a great deal of knowledge about how their firm operates. Our 
new guidance would allow management to make use of that knowledge. 

Our proposed guidance also recognizes that those companies that are already complying 
with section 404 have invested considerable resources in the design and implementation 
of their processes. The Commission’s proposed guidance should not disrupt or require 
any changes to those companies’ processes. At the same time, we believe that not only 
small businesses but companies of all sizes will benefit from our proposed new guidance. 
We also expect that, over time, even some larger companies may choose to adjust their 
404 evaluations in response to the guidance. 

When the Commission proposed its guidance, we also made clear that it provides one, but 
not the only, way to comply with the 404 requirement for an annual assessment of 
internal controls. We've made it clear that management can follow other reasonable 
approaches, too. For those managements that do follow the basic approach described in 
our guidance, we've proposed a rule that gives them the comfort of knowing that by 
doing so they have satisfied their obligation to evaluate their internal controls. 

It is our intention that the proposed auditing standard and our proposed guidance for 
management will work together to clearly delineate the auditor’s responsibility for 
opining on management's assessment, on the one hand, and the company's responsibility 
for the methods and procedures it uses in its internal controls evaluation process, on the 
other hand. In combination, the Commission’s proposed guidance and the PCAOB's 
proposed auditing standard should result in management using a top-down, risk-based 
approach to its evaluation of internal controls. And they should shift discussions between 
managers and auditors away from management’s evaluation process to what matters most 
to investors - the risk that material misstatements in the company's financials won't be 
prevented or detected in a timely manner. 

By the way - managers and auditors should talk. And not just managements, but audit 
committees should have a healthy and ongoing dialogue with their auditors about the 
company’s internal controls. There is no auditor independence rule, or any other rule or 
standard, that stands in the way of this kind of useful communication. 





The comment periods for both the Commission and the PCAOB proposals closed on the 
same day - February 26 of this year. The Commission received 205 comment letters 
from a broad cross-section of investors, small companies and large companies, 
accountants, lawyers, regulators, and academics. About 70% of the respondents to the 
Commission’s proposed guidance also provided comments to the PCAOB on its 
proposed auditing standards. The percentage that commented to both of us would have 
been higher, except that we received 48 letters from a class at the University of 
Wisconsin, who apparently found writing to the SEC a more appealing assignment than 
commenting to the PCAOB. 

In our outreach to small business throughout this process, the SEC has been aided by the 
exceptional work of our Office of Small Business Policy in the Division of Corporation 
Finance. The Office of Small Business Policy is focused on making sure that the unique 
needs of small business are reflected in our rules, and in the interpretations and guidance 
we provide to the public. The Office of Small Business Policy served as the secretariat 
for the Commission’s Advisory Committee on Smaller Public Companies, which issued 
its report to the Commission in April 2006. That report was the first to focus on the 
problems with section 404 implementation in a systematic way, and it has informed many 
of the solutions that we are now preparing to put into effect. 

While the Commission hasn't yet made any final decisions based on the comments we've 
received, there are a few recurring themes in the letters that stand out. 

First, there is overall support in the comment letters for the principles-based nature of the 
Commission’s management guidance. Many commenters believe that this will encourage 
a healthy use of judgment and common sense in formulating the procedures companies 
use to evaluate whether material weaknesses exist in their internal control systems. 

A significant number of commenters, however, are concerned that the principles-based 
guidance from the Commission may not be well-aligned with the more prescriptive 
auditing standards proposed by the PCAOB. 

These commenters expressed concerns that having a more detailed auditing standard 
could drive managements to perform procedures or create documents during their 
evaluation process that would be unnecessary under the Commission’s guidance. They 
believe managements may feel compelled to perform this unnecessary work, or to create 
documents solely so the auditors will have them during the subsequent audit process. 
Essentially, the commenters are concerned that having a more prescriptive auditing 
standard will needlessly drive up costs, especially for smaller companies. It would mean 
that the company and its investors either have to pay the auditor to do additional testing 
and documentation that wasn't required by the SEC's guidance, or the company will have 
to do that otherwise unnecessary work itself, so that it can be relied upon by the auditors. 

Several suggestions were made in the comment letters about how to better align the 
Commission and PCAOB documents. Many of the comments focused on the need to 
insure that after all of this effort we do not simply end up with, once again, an auditing 
standard that drives a significant amount of management’s work. In particular, 
commenters suggested that the PCAOB allow auditors to use more professional judgment 
in determining the necessary amount of testing and documentation. In other words, they 
suggested making the audit standard less prescriptive by removing requirements that 
could lead to unnecessary documentation and testing. 

Several commentators also noted that differences in certain definitions and terms in the 
proposals could be sources of confusion. These discrepancies between the SEC and 
PCAOB definitions of the same terms, they said, could also lead to over-documentation 
and over-testing. As a result, they asked that the Commission and the PCAOB more 
closely align our terminology. 

Of special significance to this Committee is that the comments from the small business 
community generally were consistent with those received from other commenters. 

Almost three-fourths of the comment letters from small business interests (31 of 42) 
indicated that our proposed guidance would allow managements to tailor their 
evaluations to the facts and circumstances of their particular companies and focus on the 
areas that are most important to reliable financial reporting. Many of these commenters 
also noted the need to better align the Commission and PCAOB documents and to reduce 
the prescriptive nature of the PCAOB document, and suggested additional areas to be 
covered in the Commission’s guidance. 

Sixteen of the 42 comment letters representing the small business community also 
emphasized the need to allow sufficient time for smaller companies to consider the final 
guidance issued by the Commission, and the final revisions to the auditing standard 
adopted by the PCAOB, before they're required to implement the 404 reporting 
requirements. 

We take all of the comments we’ve received seriously, and we're working hard to address 
these concerns. 

Very recently, on April 4th, the Commission held an open meeting to review the general 
nature of the public comments and the work that remains to be done to address them. 
Chairman Olson and Jeff Steinhoff, the Managing Director for Financial Management 
and Assurance at the Government Accountability Office, also participated in that 
meeting. At the meeting, the Commission made it clear we're very pleased with the 
progress that we and the PCAOB are making in our collaboration, and we focused on just 
four remaining areas where we believe additional work is necessary: 

• First, we need to better align the proposed PCAOB audit standard and the 
Commission’s proposed guidance, as I just described. 

• Second, we need to improve the discussion in the proposed auditing standard of 
how auditors can scale the audit procedures, which will be a particular benefit for 
smaller companies. 





• Third, we need to do further work to insure it's crystal clear that auditors should 
use their professional judgment in determining audit procedures and testing based 
on their assessment of risk. 

• And fourth, the auditing standard needs to use broader principles rather than 
prescriptive rules to describe when auditors may use the work of others. This last 
will ensure that auditors can rely, for example, upon work obtained from 
management’s risk assessments and monitoring activities when those are found to 
be competent and objective. 

In addition, in furtherance of the integrated audit that is contemplated by section 404, the 
Commission directed our staff to work with the PCAOB to ensure that there is better 
integration of the financial statement audit (which itself includes an assessment of 
internal controls) with the internal control audit required by the PCAOB. 

We’re pedal-to-the-metal on finishing this work, and we won't require smaller public 
companies to have a section 404 audit until the new guidance and the new auditing 
standard are available to them with plenty of time to prepare. As this Committee is 
aware, the Commission has carefully phased in application of the 404 reporting 
requirements. We have continued to defer 404 compliance for small companies. The 
result of our determination to phase in 404 for smaller companies is that we’ve had the 
opportunity to field test the requirements first. Now, we’re using what we've learned to 
lessen the burden not only for smaller companies that will eventually comply with the 
requirements, but for companies presently subject to the requirements as well. 

The rules the Commission adopted in December 2006 will permit smaller public 
companies - those with $75 million or less of public float - to postpone their first 404 
audit until the first fiscal year ending after December 14, 2008. For calendar year end 
companies, this would mean March 2009. 

In the meantime, those smaller companies can begin to get ready for full SOX 404 
compliance by undertaking the less burdensome part of 404 beginning with their SEC 
reports the year after next. Specifically, smaller companies would file management 
reports on their internal controls along with their annual report for their first fiscal year 
ending after December 14, 2007. For calendar year end companies, this would mean 
March 2008. 

One of the suggestions that has been made is that, even though as things now stand 
smaller companies won't be required to come into full compliance with SOX 404 until 
March 2009, the Commission should provide for a further extension of an additional 
year. If we were to do that, the first 404 audit reports wouldn't be filed until three years 
from now, beginning in March 2010. 

In the Commission’s release last December, when we issued the latest rules on the timing 
of these requirements, we stated that if we have not issued additional guidance for 
management on how to complete its assessment of internal controls in time to be of 
sufficient assistance in connection with annual reports for 2007, we will consider whether 
we should further postpone the requirement. That remains true today. 

We also stated that we would consider further postponing the requirement of eventual 
404(b) compliance after considering the PCAOB’s anticipated revisions to the auditing 
standard - and that remains true as well. 

But that's not Plan A. As I described, we're working diligently to provide both guidance 
for managements and a new auditing standard in time for companies and their auditors to 
use them in connection with annual reports to be filed in 2008. In the next few weeks, we 
intend to finish our work on management's guidance, and to coordinate those efforts with 
what should be a new AS 5 adopted by the PCAOB. We aim to implement section 404 
just as Congress intended: in the most efficient and effective way to meet our objectives 
of investor protection, well-functioning financial markets, and healthy capital formation 
by companies of all sizes. We won't forget the failures that led to the passage of the 
Sarbanes-Oxley Act in the first place. And we won't forget that for small business to 
continue to prosper in America, both strong investor protection and healthy capital 
formation must go hand in hand. 

The reforms we're making to the SOX 404 process are intended to be of direct benefit to 
America's small businesses - and the millions of Americans who work for them, invest in 
them, and benefit from all that they provide to our economy. We're re-orienting 404 to 
focus on what truly matters to investors - and away from expensive and unproductive 
make-work procedures that waste investors' money and distract attention from what's 
genuinely material. No longer will the 404 process tolerate procedures performed solely 
so someone can claim they considered every conceivable possibility. 

Mr. Chairman, these next few weeks are a critical time for small business as we approach 
the finish line in our work to rationalize 404. We look forward to working with you in 
the days ahead on these issues, as well as on the other important issues facing our 
nation’s small businesses. Thank you again for the opportunity to speak on behalf of the 
Commission. I would be happy to answer any questions that you may have. 

Chairman Kerry. Thank you very much, Mr. Cox. 

Mr. Olson? 

STATEMENT OF THE HONORABLE MARK W. OLSON, CHAIRMAN, 
PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD 

Mr. Olson. Thank you very much, Chairman Kerry, and members 
of the Committee, for inviting us to be here. It is a privilege 
to be here with Chairman Cox. We have had the opportunity to 
work on this important issue and I have been pleased at the 
amount of time that he has accorded this issue in order that we 
can achieve, as you appropriately pointed out, the retention of 
transparency in the U.S. capital markets while at the same time 
making the cost consistent with the incremental benefit. 

We look at our charge as the overseer of the accounting profession 
with a very significant small business focus. First of all, from 
the standpoint that, as you know, every accounting firm, auditing 
firm, that either audits or wishes to audit a company that is 
publicly traded must register with us. There are over 1,700 firms 
around the world that have registered with us, and of that number, 
just under 1,000 of them are domestic and they come from all over 
the country. As a matter of fact, of that number, we have — let me 
see, there are, regrettably, zero from South Dakota, but 21 from 
Tennessee, 10 from Minnesota, 31 from Massachusetts, 1 from 
Montana, 11 from Indiana, and 2 from Arkansas. So as you can 
see, they do cover all of America and most of them are very small. 

Of the number, only a handful, about 125, audit more than five 
publicly-traded companies. The foundation of the statute is that if 
you choose to access the capital markets, there is an expectation 
for the level of internal controls that you are expected to have, and 
the external auditor is expected to opine on that. This is not an 
unreasonable expectation for accessing the U.S. capital markets and 
it is perfectly consistent, I think, with what you said earlier about 
maintaining the transparency of the markets while at the same 
time maintaining confidence in the markets. Senator Tester called 
it a delicate balance and we believe that is exactly the case. 

With respect to small businesses and small firms, unquestionably, 
the factors of scale alone will mean that the burden will fall 
disproportionately to the smaller firms if it is not addressed. I 
think your 13 cents per hundred for the large businesses and a 
dollar per hundred for the small businesses is probably pretty 
accurate in terms of cost if we do not pay specific attention to them. 
I would like to focus on the manner in which we have done that 
so far and then talk about some of the things that we can continue 
to do in the future. 

First of all, we have had small business audit forums around the 
country for the last several years. We have had 19 forums in 14 
cities, and those forums have helped the small firms learn how 
they can do audits in the post-Sarbanes-Oxley environment. We 
have had 1,400 auditors attend, and in many cases, we have also 
had representatives of audit committees attend. 

The manner in which we do the supervision, or oversight, of the 
small firms is very different from the larger firms. In many of the 
cases, we do not need to be intrusive to the point that we need to 
be on site. Much of it can be off-site. The manner in which we do 
the inspections is consistent with the level of involvement that they 
have with publicly-traded companies. 

We are in the process now, and I think that this is very key, of 
developing guidance for auditors of small public companies. The 
guidance we are developing is through the volunteer efforts of 12 
practitioners from 12 firms around the country who are looking at 
the scalability of the small audits and trying to make sure that we 
can define, in a very specific way, how they can be scalable and 
cost effective for the smaller public companies. That is due to be 
made public later this year. 

Chairman Cox talked about some of the goals for a revised 
Standard AS2, which will be replaced by what we expect will be 
AS5. We will help address that as well. 

AS5 will be focused on controls that really matter. It will be 
written in understandable language as opposed to audit-speak, and we 
think that this will help in the manner in which audit committees 
or CFOs work on the engagement with the external auditor. 
Ultimately, working with the SEC, I am very confident that we will get 
the words right. 





But as you suggested, the devil is in the details. Implementation 
is really key; that is going to involve PCAOB and the SEC with our 
respective guidance that we are putting out. Very importantly, it 
will involve the firms themselves. The issue is for the firms to 
recognize that there is an expectation for a certain level of internal 
controls that hopefully will be respected and appreciated. 

Very importantly, the auditing firms need to be involved. They 
need to be involved in the sense that they need to scale the manner 
in which they are making the audits more efficient. Just today, Mr. 
Chairman and members of the Committee, we issued what we call 
a 4010 Report where we have summarized some of what we noticed 
in the efficiencies of the audits as they were done in 2006, and we 
pointed out in a very specific way how the efficiency has been 
improved and pointed out ways that it can be even more improved. 

As Chairman Cox said, this is at least the third time, I think, 
that the Congress has mandated an expectation that there will be 
a requirement for internal controls over financial reporting. 
FDICIA was the next-to-the-last and the Foreign Corrupt Practices 
Act was the first. 

One final point I would like to make gets to the U.S. competitive- 
ness issue. In the relatively brief period of time that the PCAOB 
has been functioning, we have noticed that in almost all the devel- 
oped countries of the world there has been a PCAOB-like organiza- 
tion started. As capital markets improve around the world, we are 
also finding around the world that there is a need for a govern- 
ment-mandated entity that would focus on oversight over the ac- 
counting and auditing professions. 

Next month, we will be holding a workshop here in the United 
States for our peers around the country. It can be a learning expe- 
rience for all of us. Interestingly, there are people from 44 different 
countries who represent organizations like the PCAOB who are 
coming here to participate in the workshop. 

Mr. Chairman, that concludes my statement. We have a formal 
statement that we have submitted for the record. I would be happy 
at this point to answer any questions. 

[The prepared statement of PCAOB Chairman Olson follows:] 





Testimony Concerning 
The Sarbanes-Oxley Act of 2002 
and Its Impact on Small Businesses 


PCAOB 

Public Company Accounting Oversight Board 


Mark W. Olson 
Chairman 

Public Company Accounting Oversight Board 


Before the 

Committee on Small Business 
And Entrepreneurship 

United States Senate 


April 18, 2007 





Chairman Kerry, Ranking Member Snowe, and Members of the Committee: 

I am pleased to appear on behalf of the Public Company Accounting Oversight 
Board (“PCAOB” or the “Board”) to speak about the impact of the Sarbanes-Oxley Act 
of 2002 (the “Act”) on small business, and, in particular, the PCAOB’s oversight of small 
audit firms. I am also pleased to join Chairman Cox before you today. The PCAOB 
works closely with the Securities and Exchange Commission (“SEC”) to achieve our 
shared goal of protecting the interests of the investing public in the preparation of 
informative, accurate and independent audit reports on public company financial 
statements. 

I. Introduction and Background 

This Committee’s focus on small business and entrepreneurship and the 
Committee’s particular focus today on the impact of the Act are both appropriate and 
very timely. The PCAOB, along with our colleagues at the SEC, are in the final stages 
of replacing Audit Standard 2, which I will later describe in greater detail. A priority 
concern that triggered our current efforts is the desire to assure that the audit standard 
mandated by the Act can be conducted in a manner consistent with the size and 
complexity of America’s small publicly traded companies. 

Mr. Chairman and Committee members, we see two important dimensions to the 
PCAOB focus on small business. First, of the 1,000 plus domestic audit firms that have 
registered with the PCAOB, the overwhelming majority are small firms. While our 
experience in examining these firms varies to some extent, we are reassured to 
discover that many very small firms provide audits of consistently high standard for their 
clients, many of whom are small businesses. 

The second dimension of our small business focus is our recognition that these 
small businesses constitute the largest segment of entities impacted by our audit 
standards, and we need to be cognizant of their needs as we develop the standards. 

With more than half of all American households invested in U.S. public 
companies,¹ the discoveries of financial reporting and auditing improprieties at 
numerous public companies earlier this decade swelled in 2002 to a national crisis in 
confidence in the integrity and reliability of public companies' financial statements. 
Widespread investor risk aversion across markets adversely affected innovation and the 
economy more broadly.² This led to a predictably strong response on the part of the 
investing public, as well as boards of directors at public companies, the accounting 
profession, regulators, and Congress. There was an increased recognition of the need 
to bolster internal controls over financial reporting and bring an enhanced focus to 
corporate governance. Congress reacted by passing the Act, which among other things 


¹ Due to the expansion of defined contribution plans and other incentives, nearly 57 million U.S. 
households own stocks directly or through mutual funds, according to a study by the Investment 
Company Institute and the Securities Industry Association. See Equity Ownership in America: 2005 
(November 2005), available at http://www.ici.org/pdf/rpt_05_equity_owners.pdf. 

² By all measures, the forward risk premium for the S&P 500 swelled in October 2002 to nearly 
double the historical mean. The forward risk premium reflects the additional risk that investors perceive 
exists in the stock market, as compared to the bond market. See Monthly Earnings Report, Lehman 
Brothers, at p. 72 (April 7, 2004). The effect of this risk aversion was not limited to U.S. markets. For 
example, in 2002 it led to the collapse of Germany’s Neuer Markt, a young stock market designed to 
provide capital opportunities for small European companies and thus to compete with U.S. markets for 
shares of new “dotcoms” and other technology companies. See Benoit, B., Skorecki, A., and Stafford, P., 
“Deutsche Borse to Close Neuer Markt Next Year,” Financial Times (September 27, 2002). 





established the PCAOB to replace the audit profession’s self-regulatory model with an 
independent oversight system. 

The PCAOB’s mandate is to oversee the auditors of public companies, in order 
to protect the interests of the investing public in the preparation of informative, accurate 
and independent audit reports on public company financial statements. The PCAOB 
does not set accounting standards or regulate disclosures by public companies; rather, 
its role is to enhance the quality of the audits of those companies. Simply put, the 
PCAOB’s job is to improve the quality and reliability of public company audits, so that 
investors can have more confidence in audited financial statements. High quality 
financial disclosure by public companies is a cornerstone of U.S. capital markets and is 
necessary for the continued growth and competitiveness of the U.S. economy. 

With that brief history as context, I would like to devote my time today to 
describing the PCAOB’s programs, with a particular focus on the PCAOB’s approach to 
small audit firms. In addition, I will describe the PCAOB’s efforts, together with the 
SEC, to implement the provisions of the Act related to internal control, again with a 
particular focus on preparations for small companies and their auditors to implement 
those provisions, according to the timetable established by the SEC. 

II. The PCAOB’s Auditor Oversight Programs Foster a Dialogue with Small 
Audit Firms to Help Them to Improve Their Audits and Compete in the 
Market to Provide Public Company Audit Services. 

Subject to the oversight authority of the SEC, the Board is responsible for - 

• Registering audit firms that prepare audit reports for U.S. public companies; 





• Establishing, by rule, auditing and related professional practice standards relating 
to the preparation of audit reports for U.S. public companies; 

• Conducting inspections of registered firms; 

• Conducting investigations of, and imposing appropriate sanctions where justified 
upon, registered firms and associated persons of such firms. 

I will focus my remarks today on the PCAOB’s oversight and interaction with 
small firms in particular. 

A. More Than 1,700 Accounting Firms Have Registered with the PCAOB. 

Early concerns that independent oversight might deter firms, particularly smaller 
firms, from continuing to audit public companies have not been borne out. On the 
contrary, since the PCAOB opened its doors in January 2003, it has registered more 
than 1,700 accounting firms that audit, or wish to audit, U.S. public companies. Of 
these firms, about 1,000 are U.S. firms. The firms vary dramatically in size. Some are 
multi-office regional firms with several, and sometimes a great number of, partners and 
professional staff, and others are sole practitioners with no professional staff. Only 
about 125 of these firms had more than five public company clients at the time they 
registered. In addition, more than 450 of these firms registered even though they were 
not the auditor of record for a public company at the time they registered.³ 


³ Importantly, the PCAOB’s rules related to registration were designed with care not to impose 
unnecessary impediments for small firms. Thus, while a registering firm must demonstrate that the 
Board’s approval of its application is consistent with the Board’s responsibilities under the Act to protect 
the interests of investors and to further the public interest in the preparation of informative, accurate, and 
independent audit reports, firms need not have a current public company audit client in order to register. 





The PCAOB has observed that the market is improving for small audit firms 
registered to audit U.S. public companies. While the Big Four firms audit most public 
companies, they have reduced their public company audit client base over the past few 
years. At the same time, the next four and even smaller firms have increased the 
number of public companies that they audit.⁴ Indeed, within the last year, two 
registered firms have grown their audit practices to such an extent that they now issue 
audit reports for more than 100 public companies, which triggers the requirement under 
the Act and the Board’s rules that the Board conduct annual inspections of those firms. 

Smaller firms are likely to continue to seize opportunities to expand their 
businesses by taking on new clients appropriate to the size and sophistication of the 
firms’ practices. At the same time, for their business growth to reach its full potential, 
the firms must understand and know what is expected of them within the Sarbanes- 
Oxley and PCAOB framework. For smaller firms, the adjustment to that framework can 
give rise to issues and questions different from those for the larger firms. 

B. The PCAOB Uses Outreach to Small Firms and the Small Business 
Community to Provide Information About PCAOB Activities and Seek 
Insight on Small Business Concerns and Challenges. 

The PCAOB has established an ambitious outreach effort directed toward small 
registered firms and their audit clients to address their unique issues and questions. 
These one- and two-day discussion sessions, called Forums on Auditing in the Small 

⁴ See Yellow Card Trend Alert, Glass, Lewis & Co., at 1 (Feb. 15, 2005). According to this study 
by Glass, Lewis & Co., in 2004, Big Four firms reduced their public company audit clients by 400, the next 
four firms added overall, net, 117 public company audit clients, and all other accounting firms had a net 
gain in public company audit clients of 217. 





Business Environment, follow an in-depth curriculum on PCAOB activities and 
developments. They have provided an avenue for small registered firms and small 
public companies to obtain a better understanding of the workings of the PCAOB, and 
they have fostered a robust dialogue that has given the PCAOB valuable insights to 
apply in its programs. In addition, I believe the Forums have better equipped firms with 
information to address the challenges of the new regulatory environment. 

To date, the PCAOB has held 19 Forums in 14 metropolitan areas across the 
country. Nearly 2,000 people involved in the small business community have attended 
the Forums, including about 1,400 auditors from smaller public accounting firms. Based 
on positive feedback from participants, the PCAOB intends to continue to hold Forums 
to further the PCAOB’s dialogue with such firms and companies. 

C. The PCAOB’s Supervisory Inspection Program Helps Small Firms 
Focus on Audit Quality Necessary to Compete in the Market to 
Provide Public Company Audit Services. 

While the Forums reach small firm auditors in a group environment, PCAOB 
inspections foster an even deeper, one-on-one dialogue between the PCAOB and small 
registered firms. Under the Act and the Board’s rules, firms that audit the financial 
statements of 100 or fewer public companies are subject to inspection at least once 
every three years. The PCAOB has taken a supervisory approach toward implementing 
its inspection program. In these inspections, the PCAOB has observed first-hand how 
some small firms distinguish themselves professionally and competitively by performing 
high-quality audits. In other cases, PCAOB inspections identify areas in which firms 



28 


should do better. For those firms that strive to improve the quality of their audits and 
their ability to compete for public company audit clients, the supervisory dialogue 
throughout the inspection process helps them to do so. 

While the PCAOB’s inspection program is the core of its supervision of registered 
firms, these inspections take place largely outside the public view. This is because the 
Act mandates a significant degree of confidentiality relating to inspection information. 
One particular provision relates to any portion of a PCAOB inspection report that 
describes criticisms of the firm's system of quality control. Under the Act, a firm has one 
year to show that it has satisfactorily addressed those criticisms, and if it does so those 
criticisms remain nonpublic. This remediation mechanism reflects Congress’s policy 
decision to use the possibility of public disclosure as an incentive to firms to address 
systemic problems.⁵ It has proven to be a key tool to motivate firms to do better. When 
the PCAOB identifies problems, firms typically take those criticisms seriously and make 
substantial changes within a year. 

Under the Board’s supervisory approach, it is able to use its inspection process 
to address most of the individual, or isolated, auditing problems identified, without the 
need to invoke its disciplinary authority to enforce applicable laws and standards. For 

⁵ In order to give the public an understanding of how this incentive works, last year the Board 
described its experiences in monitoring firms’ efforts to address problems identified in the first year of 
inspections. See PCAOB Release No. 104-2006-078, Observations on the Initial Implementation of the 
Process for Addressing Quality Control Criticisms within 12 Months After an Inspection Report, March 21, 
2006, available at http://www.pcaobus.org/Inspections/Public_Reports/2003/2006-03-21_Release_104-2006-078.pdf; 
see also PCAOB Release No. 104-2006-077, The Process for Board Determinations 
Regarding Firms’ Efforts to Address Quality Control Criticisms in Inspection Reports, March 21, 2006, 
available at http://www.pcaobus.org/Inspections/2006-03-21_Release_104-2006-077.pdf. 





example, when an individual audit is not up-to-grade, inspectors discuss with the firm 
precisely what the deficiency is. Sometimes this means a firm will perform additional 
audit procedures to shore up a weak audit. When the problem relates to an individual 
auditor, a firm may provide additional training to or supervision of the person involved or 
take other action the firm determines is appropriate. Thus, the PCAOB inspection 
process has been able to prompt and facilitate firms' achievement of significant real- 
time improvements, often even before an inspection is concluded. 

D. The PCAOB Develops Auditing and Related Professional Practice 
Standards with the Needs and Challenges of Small Firms in Mind. 

The Act directs the Board to establish certain standards for use by auditors of 
public companies. Those include standards for auditing and related attestation work, 
standards for quality controls, ethics standards, and independence standards. In order 
to ease firms’ transition to independent oversight, early in the Board’s first year of 
operation, in 2003, the Board adopted as interim standards certain auditing and related 
professional practice standards that had been developed and adopted by the auditing 
profession prior to the establishment of the PCAOB. These are standards with which 
audit firms large and small were already familiar, as they existed on April 16, 2003.⁶ 


⁶ In summary, these are: Generally Accepted Auditing Standards (or, “GAAS”) as previously 
established by the American Institute of CPAs (“AICPA”); Attestation Standards and related 
interpretations and Statements of Position as previously adopted by the AICPA; the AICPA's Statements 
on Quality Control Standards and certain AICPA SEC Practice Section membership requirements; certain 
provisions of the AICPA’s Code of Professional Conduct on Integrity and objectivity, and the standards 
and interpretations of the Independence Standards Board. 





Since adopting this body of pre-existing standards, the Board has adopted four 
new standards⁷ as well as new ethics and independence rules relating to tax services 
and contingent fees. To develop new standards and rules, the Board uses a standards- 
setting process that provides for public input at a variety of stages. In particular, three 
times a year the Board holds a public meeting with its Standing Advisory Group.⁸ The 
advisory group’s 31 members are drawn from a cross-section of the nation’s companies 
- small and large - as well as auditors from small and large accounting firms, investors 
and their advisors, academics, and others. These individuals share their informed 
opinions on how the Board, consistent with its mandate, can improve the quality of 
audits, including by advising on best practices and emerging issues. Many of the 
advisory group’s discussions have focused on matters related to small business and the 
audits of small registered firms. On occasion, they have also included dedicated panels 
of small firm auditors who can offer their insights on best practices and their 
experiences with the unique challenges the small business community faces.⁹ 


⁷ Specifically, the Board's Auditing Standard No. 1 relates to references in auditors’ reports to the 
standards of the PCAOB; Auditing Standard No. 2 relates to audits of internal control over financial 
reporting; Auditing Standard No. 3 relates to audit documentation, and Audit Standard No. 4 relates to 
auditors' reporting on whether a previously reported material weakness continues to exist. They are 
available on the Board's Web site at http://www.pcaobus.org/Standards/Standards_and_Related_Rules/index.aspx, 
along with the Board's new ethics and independence rules. 

⁸ The Board convened its Standing Advisory Group pursuant to Section 103(a)(4) of the Act. The 
Group consists of experts in auditing and financial reporting, including individuals with experience at 
institutional investors, accounting firms, and public companies. 

⁹ The Board also participates as an observer of other agencies’ initiatives to examine issues 
germane to the small business community, including the SEC’s Advisory Committee on Smaller Public 
Companies, the Committee of Sponsoring Organization’s Task Force on Guidance for Smaller Public 
Companies, and the Financial Accounting Standards Board’s Small Business Advisory Committee. 





In addition to seeking the views of its advisory group members and other 
interested persons, the Board seeks public comment on proposed new standards and 
rules, makes those comments publicly available on its Web site, and considers them 
before adopting final standards or rules. Board standards are also subject to SEC 
review, and they do not go into effect unless they are approved by the SEC.¹⁰ 

III. The PCAOB’s Role in Implementing the Act’s Internal Control 
Requirements 

I would like to devote the remainder of my time today to the PCAOB’s role in 
implementing, through its auditing standards, the provisions of the Act related to internal 
control over financial reporting. In particular, Section 404 of the Act requires public 
companies annually to provide investors an assessment of their internal control over 
financial reporting, accompanied by an auditor’s attestation on the same subject. 

A. The Act’s Internal Control Reporting and Auditing Requirements 

The term “internal control over financial reporting” refers to a company’s system 
of checks and processes designed to protect corporate assets, keep accurate records 
of those assets as well as its financial transactions and events, and prepare accurate 
periodic financial statements. Investors can have much more confidence in the 
reliability of a company’s financial statements if management demonstrates that it 
maintains adequate internal control over bookkeeping, the sufficiency of books and 
records for the preparation of accurate financial statements, adherence to rules about 
the use of company assets, and the safeguarding of company assets. Indeed, research 

¹⁰ In most cases, applicable securities laws and rules provide for the SEC to publish PCAOB rules 
and standards for public comment as part of the SEC’s consideration and approval process. 





shows that disclosures about the reliability of internal control have a significant effect on 
companies’ cost of capital.¹¹ 

Companies have been required to have internal control over their accounting 
since Congress enacted the Foreign Corrupt Practices Act in 1977. There is no doubt, 
however, that the Sarbanes-Oxley Act’s requirement for annual assessments, and 
auditor attestations to those assessments, took corporate responsibilities for internal 
control over financial reporting to an entirely different level. 

As directed by Section 404(a) of the Act, in June 2003 the SEC established rules 
describing companies’ required assessments. In March 2004, the PCAOB implemented 
Sections 103, requiring an auditing standard on internal control, and 404(b) of the Act 
by establishing a new auditing standard - Auditing Standard No. 2 - to provide for an 
audit of internal control over financial reporting integrated with the audit of the financial 
statements themselves. The SEC approved Auditing Standard No. 2 in June 2004.¹² 
For large, established companies - which the SEC calls accelerated filers - the initial 


¹¹ See Ashbaugh-Skaife, Collins, Kinney and LaFond, The Effect of Internal Control Deficiencies on 
Firm Risk and Cost of Equity Capital (April 2006, updated February 2007). Specifically, the researchers 
found that when companies report they have corrected a previously reported material weakness in 
internal control, their cost of capital goes down on average 1.5 percent. Conversely, when companies 
report material weaknesses in audited financial reports after they had previously reported in unaudited 
statements that internal control was effective, their cost of capital goes up on average almost 1 percent 
(93 basis points). 

¹² See SEC Release No. 34-49884, Order Approving Proposed Auditing Standard No. 2, An Audit of 
Internal Control Over Financial Reporting Performed in Conjunction with an Audit of Financial Statements 
(June 17, 2004). 





assessments and attestations were required by SEC regulations to be included in their 
annual Form 10-K filings for fiscal years ending after November 14, 2004.¹³ 

The SEC has delayed implementation for smaller companies, i.e., the non- 
accelerated filers. Such companies have until they file financial statements for a fiscal 
year ending on or after December 15, 2007, to file their first management assessments 
of internal control. In addition, the SEC will not require such companies to file audit 
reports on such assessments until they file financial statements for a fiscal year ending 
on or after December 15, 2008.¹⁴ 

B. Although the Act’s Internal Control Reporting Requirements are Not 
Yet Applicable to Small Companies, the PCAOB Has Used Its 
Experience Monitoring Large and Mid-Cap Company Implementation 
to Revise Its Auditing Standard and Develop Tailored Guidance with 
Small Companies in Mind. 

Notwithstanding this delay, there is considerable concern among small public 
companies about implementing the Act’s internal control reporting requirements. For its 
part, the PCAOB has monitored implementation by companies that are subject to the 
requirements, among other things with a view toward easing implementation challenges 


¹³ Accelerated filers (and large accelerated filers) generally include companies with an aggregate 
market value of voting and non-voting common equity held by non-affiliates of the issuer (referred to as 
“public float”) of $75 million or more, as of the last business day of the issuer's most recently completed 
second fiscal quarter. See SEC Exchange Act Rule 12b-2, 17 C.F.R. 240.12b-2; see also SEC Release 
33-8644, Revisions to Accelerated Filer Definition and Accelerated Deadlines for Filing Period Reports 
(December 21, 2005) (amending definition of “accelerated filer” to distinguish between “accelerated filers” 
and “large accelerated filers,” which have a public float of $700 million or more). According to the SEC, 
approximately 44% of domestic companies filing periodic reports are non-accelerated filers. See SEC 
Release No. 33-8760, Internal Control over Financial Reporting in Exchange Act Periodic Reports of Non- 
accelerated Filers and Newly Public Companies (December 15, 2006), at 11. 

¹⁴ See SEC Release No. 33-8760, Internal Control over Financial Reporting in Exchange Act 
Periodic Reports of Non-accelerated Filers and Newly Public Companies (December 15, 2006). 





smaller companies may face. To this end, based on that experience, the PCAOB 
recently proposed a revision of its auditing standard on internal control and is 
developing specialized guidance and training for auditors of small companies. 

1. The PCAOB Has Monitored Auditors' Implementation of 
Auditing Standard No. 2 and, as Needed, Provided Guidance. 

In the nearly three years since the SEC's rule on management assessments of 
internal control and the Board’s related auditing standard went into effect for 
accelerated filers, the Board has closely monitored the challenges that those companies 
and their auditors have faced. As appropriate, the PCAOB has provided additional 
guidance to facilitate implementation. In this regard, the Board's staff has issued five 
sets of interpretive guidance that answer 55 frequently asked technical questions on the 
implementation of Auditing Standard No. 2.¹⁵ In addition, on May 16, 2005, the Board 
issued a policy statement describing ways auditors can make their internal control 
audits as effective and efficient as possible.¹⁶ 

The PCAOB has also used its inspections of larger firms to monitor firms' 
implementation of the Board’s auditing standard on internal control. To this end, the 
PCAOB issued a report on its inspections and other monitoring, on November 30, 2005. 


¹⁵ These questions and answers are available at 
http://www.pcaobus.org/Standards/Standards_and_Related_Rules/Auditing_Standard_No.2.aspx. 

¹⁶ See PCAOB Release No. 2005-009, Policy Statement Regarding Implementation of Auditing 
Standard No. 2 (May 16, 2005). 





That report describes best practices and provides additional guidance on how auditors 
can make their work more efficient.¹⁷ 

The PCAOB's monitoring has also included participating, along with the SEC, in 
two roundtable discussions with representatives of public companies, auditors, investor 
groups, and others; meeting with its Standing Advisory Group; receiving feedback from 
participants in the Board's Forums on Auditing in the Small Business Environment; and 
reviewing academic, government, and other reports and studies, including the 
Government Accountability Office’s April 2006 report to this Committee on Sarbanes-Oxley 
Act: Consideration of Key Principles Needed in Addressing Implementation for 
Smaller Public Companies, and the Final Report of the SEC’s Advisory Committee on 
Smaller Public Companies issued the same month.¹⁸ 

2. The Board Has Proposed a Revision of its Standard, to 
Promote Efficiency and Eliminate Unnecessary Procedures. 

The Board is determined to make internal control audits as cost-effective as 
possible for companies that are required by the SEC’s rules to obtain an audit report on 
internal control. Therefore, based on its experience monitoring implementation, on 


¹⁷ See PCAOB Release No. 2005-023, Report on the Initial Implementation of Auditing Standard 
No. 2 (November 30, 2005), available at 
http://www.pcaobus.org/Rules/Docket_014/2005-11-30_Release_2005-023.pdf. Importantly, in the first of those reports, issued after the first year of 
implementation, the Board found that many auditors faced tight deadlines, staffing and other resource 
constraints, and significant training needs. Moreover, their clients faced similar hurdles that were, in 
many cases, exacerbated by having to make up for deferred maintenance on internal control systems that 
had not kept up with the company’s growth and development. 

¹⁸ See GAO, Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing 
Implementation for Smaller Public Companies (April 2006, GAO-06-361); Final Report of the Advisory 
Committee on Smaller Public Companies (April 23, 2006), available at 
http://www.sec.gov/info/smallbus/acspc/acspc-finalreport.pdf. 






December 19, 2006, the Board proposed a revision of its auditing standard on internal 
control, along with related amendments and rules.¹⁹ Among other things, the proposed 
standard includes explicit guidance on scaling audits to reflect the attributes of smaller, 
less complex companies. In addition, the proposal is designed to - 

• Focus the audit on the matters most important to internal control by, 
among other things, directing the auditor's testing to the most important 
controls; emphasizing the importance of risk assessment; revising the 
definitions of significant deficiency and material weakness, as well as the 
"strong indicators" of a material weakness; and clarifying the role of 
materiality, including interim materiality, in the audit; 

• Eliminate unnecessary procedures by, among other things, removing 
the requirement to evaluate management's process; permitting 
consideration of knowledge obtained during previous audits; refocusing 
the multi-location testing requirements on risk rather than coverage; 
removing barriers to using the work of others; and recalibrating the 
walkthrough requirement; 

• Simplify the requirements by, among other things, reducing detail and 
specificity; better reflecting the sequential flow of an audit of internal 
control; and improving readability. 

The Board has received thoughtful public comment on the proposal and, after 
considering those comments, expects to finalize a new standard in the near future. 

3. The Board Plans Guidance for Auditors of Small Companies. 

Based on the experience of small companies and auditors who have been - and 
are currently going - through the process of evaluating internal control, the Board is 
also working with practitioners to develop tailored implementation guidance for audits of 
small public companies. This guidance should emphasize the scalability of internal 


At the same time, the SEC has proposed guidance that can be used by management in making 
the assessment required by Section 404(a) of the Act. See SEC Release No. 33-8762, Management's 
Report on Internal Control Over Financial Reporting (December 20, 2006). 





control audits at a practical level, by providing auditors with examples of how the 
internal control audit process can and should be scaled to fit the relative sizes of small 
companies, from those that are on the cusp of accelerated filer status to those that have 
merely a handful of employees. The PCAOB is targeting publication of this guidance 
later this year, after the proposed revised standard is finalized. 

Finally, the Board is exploring various means of facilitating training for auditors of 
smaller public companies on auditing internal control. With constructive, practical 
guidance, the Board hopes that small companies and their investors will be able to reap 
the benefits of internal control reporting without unnecessary costs. 

IV. Conclusion 

The PCAOB works hard to achieve the objectives Congress set for it in the Act. 
The oversight program it has in place is reducing the risk of financial reporting failures 
and renewing confidence in the financial reports of public companies and, ultimately, in 
the U.S. securities markets. The Board continues to assess its oversight programs, 
however, and in doing so it takes into account the effect on, and perspective of, the 
small business community. As I have described, the Board has and will continue to 
make appropriate adjustments to assure that it achieves the objectives of the Act in the 
most effective and efficient manner possible. In particular, the Board is committed to 
ensuring that its standard on internal control lays the foundation for efficient audits that 
are cost-effective for small business and maintain the benefits intended by the Act. 

Thank you. I will be pleased to answer any questions. 





Chairman Kerry. Thank you very much, Mr. Olson. 

That was very helpful, both testimonies, and we appreciate them 
very much. 

Senator Snowe is now here. Senator, do you want to wait and 
sort of gather for a minute 

OPENING STATEMENT OF THE HONORABLE OLYMPIA J. 
SNOWE, A UNITED STATES SENATOR FROM MAINE 

Senator Snowe. Thank you, Mr. Chairman. I appreciate it and 
I am going to dispense with my opening statement, but I want to 
thank you for holding this hearing today because this is a critical 
issue that has an enormous impact on small public companies. 

I want to welcome Commissioner Cox, with whom I have had the 
privilege of serving in the U.S. House of Representatives. I am de- 
lighted that he is continuing his record of standing public service 
to the SEC. To Chairman Olson, thank you for your contributions 
and charting a new course as Chair of the Public Company Ac- 
counting Oversight Board, so we thank you very much. 

These are critical issues and I will get into it in my questioning. 
We obviously have to address the challenge of harmonizing the reg- 
ulations and the direction from both the SEC and from the Board 
itself. That is one of the issues that I have heard from the small 
business community in my State and across this country. It is cre- 
ating a lot of confusion and the impact of the cost compliance is be- 
coming exorbitant for many small public companies that otherwise 
should be channeling their resources in the direction of job creation 
and innovation rather than paying the unnecessary expenses asso- 
ciated with regulatory compliance. I have introduced a bill to ad- 
dress the impact of the regulations on small public companies, as 
well, because I think that these costs should be assessed along the 
way. 

But we will get into that in the questions and I thank you both 
for being here and the other witnesses, as well. Thank you, Mr. 
Chairman. 

[The prepared statement of Senator Snowe follows:] 





Senator Olympia J. Snowe 

Senate Committee on Small Business and Entrepreneurship 
Hearing on “Sarbanes-Oxley and Small Business: Addressing Proposed 
Regulatory Changes and their Impact on Capital Markets” 

April 18, 2007 

Opening Statement 

Good morning. Thank you Senator Kerry for holding this critical hearing 
to analyze the proposed regulatory changes for small businesses and their 
impact on capital markets. Our nation’s small stock companies are the 
cornerstone of our entrepreneurial economy, and it is essential that we carefully 
address the regulatory barriers that impede their growth. This hearing is also 
timely as the Securities and Exchange Commission (SEC) and Public Company 
Accounting Oversight Board (PCAOB) are finalizing rules that will mandate 
how small public companies must comply with the Sarbanes-Oxley Act’s 
internal control requirements. 

I want to welcome all of our witnesses, and express our deep gratitude to 
them for participating this morning. I especially want to recognize and 
commend Commissioner Cox’s tremendous efforts. On a personal note, let me 
just say how much I, along with many others, appreciated then-Congressman 
Cox as an esteemed colleague in the U.S. House of Representatives. I am pleased 
that he is continuing his record of public service at the SEC. 

I also want to thank Chairman Olson for being here today. In the short 10 
months he has served, Chairman Olson has worked diligently to include small 
companies in the regulatory formulation process by holding field tests, 
inspections, and carefully considering small companies’ comment letters. 

Commissioner Cox, since beginning your tenure you have demonstrated 
concern for small companies. You established the Advisory Committee on 
Smaller Public Companies, and have worked with the PCAOB to hold public 
meetings on this issue - where, I understand, many passionate small business 





owners spoke their minds! I also want to thank the SEC for taking the time 
recently to answer the questions posed by a small company from Presque Isle, 
Maine, about the proposed rule changes. Chairman Cox, I want to thank you 
for encouraging your staff to be accessible to these companies and I look 
forward to our continued collaboration on this issue. 

I believe that the Sarbanes-Oxley Act was essential in restoring investor 
confidence after accounting fraud and massive company deceptions shook the 
public’s trust in U.S. markets. The horrendous debacle of corporate greed from 
companies like Enron and WorldCom forced not only thousands of employees to 
lose their jobs, but also wiped out the life savings of many retirees. Now, as we 
refine Sarbanes-Oxley’s regulations, we must carefully preserve investor 
protections and ensure company transparency and accountability. 

In my home state of Maine, small publicly-traded companies are 
indispensable to the strength and renewal of our economy. However, the fact is 
these small stock companies are struggling with the cost of Sarbanes-Oxley 
compliance, regardless of their industry. Whether it’s a utility company, a dairy 
pharmaceutical company that makes large animal vaccines, or a community 
bank that fears being smothered by the combined weight of Sarbanes-Oxley and 
banking regulations, it is crucial that Maine’s home grown companies focus 
their energies on developing new products, entering new markets, and creating 
jobs - not on compliance. 

Regulations disproportionately affect small businesses and significantly 
hinder their competitiveness. In 2004, Senator Enzi and I jointly requested that 
the Government Accountability Office study the effects of the Act on small 
public companies’ access to capital. As this chart demonstrates, the study found 
that the costs for complying with Sarbanes-Oxley were nine times greater for 
smaller companies than for large stock companies. We must reduce the burden 
imposed by Sarbanes-Oxley so that our small stocks in Maine, and nationally, 
continue to be some of the world’s fastest growing and most innovative 
companies. 





Commissioner Cox and Chairman Olson, I have been a measured 
advocate for refining and “right-sizing” Sarbanes-Oxley regulatory 
requirements for small businesses. However, for these reforms to work, it is 
absolutely paramount for our nation’s small businesses that the SEC and the 
PCAOB harmonize its final rules. Currently, many small businesses are 
concerned that while the SEC’s pending guidance is too vague — and conversely 
that the PCAOB’s requirements are too specific. It is imperative that the two 
organizations’ final requirements do not create conflicting standards which lead 
to confusion, waste, and additional, unnecessary expenses for small companies in 
order to achieve regulatory compliance. 

Additionally, I believe small companies will require time to understand 
and implement the final guidance that is scheduled to be issued by the SEC and 
PCAOB in June. I urge the SEC to extend small public companies’ compliance 
date by up to one year after final rules are published. 

Frankly, the impact of the SEC’s and PCAOB’s forthcoming final rules on 
small companies must be thoroughly considered and evaluated. In an effort to 
facilitate that process, I plan to introduce the Small Business Regulatory Review 
Act. Before issuing final guidance, my bill would mandate the SEC to assess the 
cost of its rules under the Regulatory Flexibility Act, and publish a small 
business compliance guide to help small companies implement these new rules. 

It would also require the GAO to subsequently investigate how these 
requirements are impacting small public companies. 

These review measures will help to assure that small stock companies do 
not suffer from additional unintended consequences which harm their ability to 
compete, innovate, and grow. 

I’d like to again thank our witnesses for their attendance. I look forward 
to your testimony. 





Chairman Kerry. Thank you very much, Senator Snowe. 

We will try to proceed as quickly as we can, maybe 5-minute 
rounds to start with and if we need more time, I am happy to open 
it up to do that. 

I want to start. I appreciate the testimony of both of you, and 
it is helpful. As a starting principle, an awful lot of small busi- 
nesses that we meet with say to us, “Senator, I am not a big cor- 
poration. I don’t have the same money. I can’t afford all of this. I 
am just starting up. I don’t have as much working capital. These 
guys can afford all of these accountants,” et cetera. You have set 
a principle here, which I think is important for us to air as a 
threshold principle with which we are dealing, which is essentially: 
If you want to get into the marketplace, if you decide to go public, 
there is a standard of behavior that you have to adhere to. 

Is it fair to say that has to be without regard to cost and there- 
fore, you are loath to draw a distinction between the big companies 
and the small companies, so everybody in the marketplace is the 
same? Is that a fair statement? 

Mr. Olson. The audit itself, Mr. Chairman, should be very idio- 
syncratic and it should be based on the size and complexity of the 
individual firm. We have heard examples of relatively small compa- 
nies that have, for instance, a very high degree of complexity if 
they are doing a lot of derivative activities. We have also heard of 
simple companies that are accelerated filers. In other words, they 
have passed the threshold of being very large, but in fact, they are 
a very uncomplicated company. And so the audit itself ought to re- 
flect that complexity 

Chairman Kerry. And you are saying it doesn’t today? 

Mr. Olson. No, it can and increasingly can. It was the initial ex- 
pectation that it could, but that is exactly what we are trying to 
do in the rewriting of the AS5. We are in a very specific way de- 
scribing how it can be more risk-focused and how it can be de- 
signed for the particular complexity and size of the company in- 
volved. 

Chairman Kerry. I see. So in the end, there will be a variation, 
but the variation will not be defined by the per se size of the com- 
pany. It will be defined by sort of what the company is engaged in 
and what kind of activities it is involved in. Is it fair to say that 
the discretionary audit standard is going to be applied? 

I say discretionary because in reading Chairman Cox’s four 
areas, the four areas that you say — or the four remaining areas 
where we believe additional work is necessary are not inconsequen- 
tial areas. The one in particular that leapt out at me was that we 
need to do further work to ensure it is crystal clear that auditors 
should use their professional judgment in determining auditor pro- 
cedures and testing based on their assessment of risk. That seems 
to sort of restore or put back in place a fairly large measure of dis- 
cretion. I assume that is the purpose of it. 

Mr. Olson. That is the purpose of it. What the starting point 

Chairman Kerry. Is there a danger in that, where you go back 
to where we were? 

Mr. Olson. The starting point is the management itself defining 
its critical controls, and then the auditor would come in and attest 
to management’s assertions as to the adequacy of those controls. 





What PCAOB does is provide the standard that the external audi- 
tor would come in to do in order to make that determination. 

What we have now, and they have to be looked at in combina- 
tion, is the management guidance provided by the SEC which an- 
ticipates that the management will have a very clear hands-on un- 
derstanding of which controls are key. In addition, PCAOB has de- 
fined a standard as to how you could do the audit but with an em- 
phasis on how you can identify the key controls and not simply 
make a recitation of all the controls. 

Chairman Kerry. So what happens, Mr. Chairman, if the audi- 
tor and the management disagree on what either risk is? 

Mr. Olson. That could well happen, and that is a negotiated 
process in a sense. But also, what the external auditor is doing is 
applying the standard 

Chairman Kerry. Why is it a negotiated process? I mean, pre- 
Sarbanes-Oxley, that was also a negotiated process, correct? 

Mr. Olson. Yes. 

Chairman Kerry. But what we discovered 

Mr. Olson. Well, negotiated in the sense that there could be 
agreement — the focus was on the extent to which the control was 
a key control and the extent to which they were following appro- 
priate audit standards. 

Mr. Cox. I would also jump in, if I may, and point out the obvi- 
ous, which is that, pre-Sarbanes-Oxley, there was no Sarbanes- 
Oxley Section 404 audit of internal controls. 

Chairman Kerry. Correct. There were just the standards of the 
industry and the sort of 

Mr. Cox. Well, there was a financial statement audit. 

Chairman Kerry. Correct. Understood. So the assumption is that 
given 404 and its requirements and the level of scrutiny that both 
of you will argue here, not to mention the risk in the marketplace 
of adverse reporting, you believe that this standard you are looking 
for here of professional judgment and testing and assessment of 
risk is the balance? That is effectively what you are looking for 
now? 

Mr. Cox. That is correct, Mr. Chairman. 

Chairman Kerry. And you think that balance can, in fact, reduce 
costs? 

Mr. Cox. The entire purpose of using judgment is to achieve the 
idiosyncratic audit that Chairman Olson is talking about. If an 
auditor cannot use his or her judgment, if there is a “check the 
box” mentality, then there is absolutely no way to avoid doing 
things that everyone knows are wasteful. 

Chairman Kerry. What is the check against an overly friendly 
relationship building in the assessment process? 

Mr. Cox. Well, obviously, we have a great deal of emphasis 
placed on the independence of the auditor to begin with. Second, 
there is still ample direction for both the auditor in auditing what 
management has done and for management itself in terms of what 
it is that they are trying to achieve with this whole exercise. It is 
supposed to be focused on things that can affect the financial state- 
ments, and what we are trying to wring out is any make-work that 
has nothing to do with something that might be material to the fi- 
nancial statements. 





Chairman Kerry. So it is your judgment that there has been 
that kind of make-work in the process to date? 

Mr. Cox. That is the testimony that we have had from a number 
of commentors at our roundtables, in the report of the Advisory 
Committee on Smaller Public Companies, in the letters that we 
have received as recently as our latest round of proposals from both 
the PCAOB and the SEC. I think everyone is focused on the fact 
that investors are doubly injured when their money is wasted on 
things that don’t matter, because not only is that money misspent, 
but it is also a distraction to the auditors and for the financial 
statement integrity away from what truly is material. 

Chairman Kerry. Did you find in the process that there was a 
distinction between the make-work requirements with respect to 
small business and what happens in large business? 

Mr. Cox. Not necessarily, although I think it is felt more acutely 
by smaller businesses for the reason that you described, that pro- 
portionately, those costs fall heavier on smaller businesses. 

Chairman Kerry. In the fourth paragraph of the items that you 
think need more work, you talked about how the auditing standard 
needs to use broader principles rather than prescriptive rules. Can 
you sort of fill that out a little bit for us? 

Mr. Cox. Yes. I think that that is a cognate of the point we were 
just discussing. The hope is that we can avoid waste and ineffi- 
ciency in the audit, and both the PCAOB — in its inspection process, 
which in part is focused on efficiency — and the SEC — in our provi- 
sion of guidance to management want to be sure that that aim is 
achieved. By coming at this in a principles-based way, we hold peo- 
ple accountable for what truly matters. 

In Enron, which gave rise to a great deal of this, there was fa- 
mously adherence to a lot of technical rules, but when you stepped 
away from examination of the bark on the trees and recognized the 
forest, there was a massive fraud underway. A principles-based 
system holds people accountable even if they have technically com- 
plied with all of the small particular requirements, even if they 
have with a check-the-box mentality said, “I complied with these 
technical rules.” We want to be sure that we have that kind of safe- 
guard built into the system. 

Chairman Kerry. A final question. On the consumer side, they 
have also weighed in with you. You have received a lot of letters 
from everybody on both sides. But they have suggested that the 
Commission is more concerned with reducing cost to business than 
with ensuring that the audit is effective. Can you speak to that? 

Mr. Cox. Our No. 1 concern is investor protection. We want to 
make sure that we have financial statements upon which investors 
can rely, and we want to make sure that the investors’ money is 
being appropriately spent to achieve that objective. As I mentioned 
a moment ago, if the investors’ money is being wasted on things 
that don’t affect the reliability of the financial statements or their 
integrity, then they are being doubly injured because all resources 
are scarce, including the auditors’ time. And, if the auditors are 
chasing things down rabbit holes that don’t matter, they are prob- 
ably missing other things that are truly important. 

Chairman Kerry. Thank you, Mr. Chairman. 

Senator Snowe? 





Senator Snowe. Thank you, Mr. Chairman. 

Mr. Olson, in the conference report of the Sarbanes-Oxley Act 
when it passed, it indicated that internal controls should not be the 
subject of a separate audit. I just would like to have clarification 
from both of you on how you interpret the intent of Congress. Obvi- 
ously, we want to create an important balance here. There is a 
public interest at stake. At the same time, I don’t want to stifle 
competitiveness and inhibit job creation and job growth and inno- 
vation. In the conference report, in referring to the internal control 
evaluation reporting, it indicated that any such attestation shall 
not be the subject of a separate engagement. 

Mr. Olson. Senator, a couple of points on that. There was some 
confusion, I think, or there was some disagreement as to whether 
or not an audit could be done on management’s assertions and then 
a separate audit done on the controls themselves, and that is one 
of the issues that we addressed in AS5. We determined that it was 
not necessary to do two audits but, in fact, if you were to focus on 
just the controls themselves, you did not have to have a separate 
audit done on the management assertions. And so that has been 
addressed in AS5. 

Furthermore, I think that the previous guidance, under which 
the FDICIA 112 audits had been done, the question was raised 
that you could focus on either one or the other but you could do 
it with a single audit. 

Also, I think it is important to know that what we are trying to 
do now is to look — if you can combine the audit of internal controls 
and the financial audit themselves, there are a lot of efficiencies to 
be gained in that. So we have tried to address that question. 

Senator Snowe. Are you in agreement on the fusion of those two 
audits, I mean, on the accounting standards side? 

Mr. Cox. Senator Snowe, as you may recall, I served on the 
House-Senate Conference Committee on Sarbanes-Oxley, and I 
think you are exactly right in reading the plain language that you 
just quoted. And second, inferring the intent of Congress here, it 
was clearly contemplated in Section 404 that we would have an in- 
tegrated audit, and for many of the good reasons that Chairman 
Olson just specified. So the Commission has directed our staff to 
work closely with the PCAOB staff as we finish up this work to en- 
sure that there is the best possible integration of the financial 
statement audit, which itself includes an assessment of internal 
controls, and the internal control audit that is required by the 
PCAOB. 

Senator Snowe. In the hearings, in the meetings that you con- 
ducted around the country, have you had a chance to get a re- 
sponse from small public companies with respect to this integrated 
approach at this point? Small companies won’t be able to review 
the new requirements until June when these guidelines are issued? 

Mr. Cox. We have indeed received many comment letters in the 
formal comment process on both the proposed audit standard, and 
the SEC’s proposed management guidance and those comments are 
generally the same coming from smaller companies as from larger 
companies. They think that, in this respect, we are moving in the 
right direction. 





Senator Snowe. I know I have heard from some of the smaller 
public companies in Maine, and I want to thank you again, Chair- 
man Cox, for you and your staff being responsive to a number of 
the questions that they have asked of the SEC. But what I have 
heard is that with the 6-month period in which they would have 
to conform to those regulations, do you think that that is going to 
be a sufficient amount of time for them to do so? 

Mr. Cox. I don’t think it would be a sufficient amount of time 
to comply in full with Section 404. There are two parts to 404. 
There is what management does without its auditors, and then 
there is the 404 audit. And in our experience it is that 404(b) re- 
quirement, the 404 audit, that is the basis of most of the com- 
plaints, most of the stories about distracting non-essential work 
and instinct for the capillary instead of instinct for the jugular that 
we are trying to fix. And so we have postponed for a further year 
the requirement that smaller public companies would have to apply 
with that 404 audit piece. 

Senator Snowe. I see. So on that piece, you are deferring for an- 
other year? 

Mr. Cox. Another year. 

Senator Snowe. I see. OK. Now 

Mr. Cox. That would be March 2009 for a calendar year-end 
company. 

Senator Snowe. I know one of the other issues that has been 
raised by the small business community is that the SEC and the 
PCAOB should harmonize their rules, because on one hand, the 
SEC’s guidelines have been too vague. On the other hand, the 
Board’s have been too specific. Do you think you have been able to 
fuse the rules sufficiently so that there is clarity in that regard and 
provide specific guidance? There is a tremendous burden that is 
placed on these small public companies that obviously face the 
costs disproportionately than larger companies. Senator Enzi and 
I requested a Government Accountability Office study back in 2004 
that basically asserted that fact. I think it was $1.14 it cost small 
companies for every dollar required for compliance. This was nine 
times greater than it was for large companies to comply with the 
regulations. 

Mr. Olson. Senator, the operative word that you use is in “har- 
mony” and I think that that is exactly what we are trying to 
achieve, harmony in this respect. The management guidance that 
would come from the SEC is the guidance to management that has 
the hands-on familiarity, and in our case, what we are doing is 
adopting a standard that the auditing firm would use. The manage- 
ment guidance should help in one very important respect: With 
that management guidance, our auditing standards should no 
longer be the de facto standard against which management would 
adopt its standards. 

I think that, in addition to being highly prescriptive in the origi- 
nal AS2, there was an overabundance of caution, and the auditing 
world, the PCAOB, probably the SEC, and even audit committees, 
I think, were absolutely over-prescriptive. They wanted to make 
sure there were no mistakes made. Well, we have now lived with 
Sarbanes-Oxley and we have learned better how we can make it 
much more efficient and effective and I think we will move toward 





achieving that. The harmonization between the SEC and the 
PCAOB is exactly what we are trying to achieve. 

Senator Snowe [presiding]. That is important and I appreciate 
that. Thank you. 

Senator Tester? 

Senator Tester. A question for Chairman Olson, and Chairman 
Cox, if you wish. First of all, I want to thank the Board for flexi- 
bility on Sarbanes-Oxley. I guess my question is going to revolve 
around what is going on in other countries. What happens when 
we have got a situation where you have got investor protection 
versus capital formation in other countries? Is there a Sarbanes- 
Oxley out there for other markets? Of course, there will be a follow- 
up on this. 

Mr. Olson. Senator, there is indeed, and I think that is one, for 
me at least, of the more interesting components of the environment 
that we are dealing with. It is following the growth in capital mar- 
kets around the world. 

If you look at the markets that are growing the fastest right now, 
they are in places like India, developed Asia, even a resurgence in 
Japan. You see a significant building of capital markets in Europe, 
for example, in Eastern Europe, and London has been — has not al- 
ways been, but in recent years has become a very attractive mar- 
ket. So as you see the capital markets grow and you see more and 
more investors in those countries investing in those capital mar- 
kets, logically and not surprisingly, what you see is a focus on the 
quality of the audits being conducted. As a result, that is why we 
see PCAOB-like entities around the world. 

I just came from a meeting not long ago where I met with my 
counterparts from around the world, all of whom are grappling es- 
sentially with this same issue, the appropriate way to monitor and 
inspect the auditing profession while at the same time not unduly 
interfering with a cost burden. 

Senator Tester. So how do they deal with — are they more oner- 
ous or less or similar? With Sarbanes-Oxley, are we putting our 
businesses in this country at a competitive disadvantage? I guess 
that is ultimately the question. 

Mr. Olson. Let me describe the differences, because you have hit 
on a very important point and the differences are really important. 
What Sarbanes-Oxley did in establishing the PCAOB is that it re- 
quired an independence of the PCAOB separate from the account- 
ing profession. So, for example, we do not get funding from the ac- 
counting profession. Our funding comes directly from corporate 
America, from publicly-traded companies. 

In many other countries that have established an organization 
like ours, they don’t have the same resources we do. They are not 
in all cases able to fund the kind of a staff that we have to do our 
inspections, and sometimes they don’t have the same degree of 
independence. Bulgaria and Romania do not have the same re- 
sources that we do, for example, but they have had somewhat that 
same focus. 

Senator Tester. From an investor protection standpoint, where 
do we rate in the worldwide economy? 

Mr. Olson. We are not participating in a race to the bottom, and 
I think that is the most important point. We are maintaining con- 





fidence in the standards we have in the United States while still 
being an attractive marketplace. If you look at the impact of Sar- 
banes-Oxley, you can actually track the fact that there has been a 
reduced cost of capital for firms that have gotten a clean bill of 
health on their ICFR audit. I don’t know where we rank. I wouldn’t 
put a number on it, but I think that confidence in the U.S. markets 
has been restored. 

If you look at the growth of IPOs, we have not grown as fast as 
some, but there has been an increase in the number of U.S. IPOs 
every year since 2003. We have an increased number of foreign 
companies that are issuing stock either as joint issuance or issuing 
in the United States. I think that that bodes well for the confidence 
in our markets. 

Senator Tester. Thank you, Madam Chairman. Thank you, 
Chairman Olson. 

Chairman Kerry [presiding]. Thank you. Senator Coleman? 

Senator Coleman. Thank you, Mr. Chairman. Again, I want to 
thank you. I do have a more extended opening statement that I 
would like entered into the record. 

Chairman Kerry. Without objection, it will be placed in the 
record. 

Senator Coleman. Thank you. 

[The prepared statement of Senator Coleman follows:] 





Committee on Small Business and Entrepreneurship 

April 18, 2007 

Senator Coleman 
Opening Statement 

Thank you Chairman Kerry for holding this important 
hearing. 

Before I address the focus of this hearing, I would like to 
acknowledge the strong Minnesota presence of the 
witnesses before the committee today. 

Mark Olson is a life long Minnesotan who has led a 
distinguished public service career which has included 
serving as member of the Federal Reserve Board. We 
welcome you to today’s hearing. 





The current SEC chairman also began his life in Minnesota 
before leaving for the sunny climes of southern California 
where he eventually became a successful Member of 
Congress. I’m sure though that Chairman Cox would 
agree, that while you can leave behind the cold weather, the 
warmth of the Minnesota people stays in your heart 
forever. 

I would also like to acknowledge a third witness: Rich 
Wasielewski, who comes here from Wayzata, Minnesota, 
where he is CFO of Nortech Systems, a small and 
successful electronic manufacturing services company. 





It gives me great pride to see the state of Minnesota so well 
represented. Welcome all. 

Mr. Chairman, the issue before us today has been of great 
concern to me. This is one of the top issues I hear about 
from small businesses. As a member of this committee and 
a former Mayor, I am very troubled at the compliance 
burden of Sarbanes-Oxley on small businesses. Our 
economy is powered by small businesses. Our future job 
growth depends on small businesses. Our future economic 
prosperity and competitiveness depends on the ability of 
our small businesses to innovate and grow into industry 
leaders - to become the next Medtronic or the next Target - 
two great Minnesota companies. In order for small 
businesses to do so they need to be able to continue to 
access U.S. capital markets as opposed to being effectively 
shut-out of these markets due to the high cost of Sarbanes- 
Oxley which are leading companies to go or stay private. 
More broadly speaking, I would add that our future 
competitiveness also depends on making sure that the U.S. is a 
welcome home for capital. 

Ultimately trust is the capital market’s currency. The 
Enron and the WorldCom scandals badly devalued this 
currency at great cost to our capital markets, honest 
businesses, investors and the economy as a whole. As a 
result of the corporate scandals, the bond of trust forged 
over decades between the investing public and the capital 
markets was unraveling in an electronic trading second. 

While Sarbanes-Oxley has helped in some measure to 
restore the investing public’s confidence in our capital 
markets it has done so at a great price. As Rich 
Wasielewski and others will share with the Committee, the 
compliance burden of Sarbanes-Oxley is too great. This 
burden is not just a bottom-line issue, but a jobs and a 
competitiveness issue. The signs are clear, from the 
disproportionate compliance cost faced by small businesses 
to the increase in the number of small businesses going 
private as reported by a GAO report last year. 

Businesses should not have to make the trade-off between 
hiring a new worker and/or purchasing new equipment and 
putting in place internal controls and hiring auditors to 
ensure compliance with Sarbanes-Oxley. Ultimately such a 
trade-off is not healthy for our increasingly global 
economy. A better approach is to have small businesses 
report trusted and verifiable numbers — but in a way that 
enables them to do what they do best - grow jobs and the 
economy. 

Despite the best efforts of the SEC and PCAOB, it is clear 
that both have struggled to achieve the difficult balance of 
protecting investors while not burdening businesses with 
crushing compliance costs. 

That said, I recognize the difficulty in achieving this 
balance and commend the SEC and the PCAOB for their 
efforts to reach out to the small business community and 
develop new rules late last year intended to reduce the 
compliance burden. It is my hope that both will continue to 
work with the small business community on this very 
important issue. 


Thank you Mr. Chairman. I look forward to hearing from 
our witnesses. 

Senator Coleman. I really appreciate the efforts and the sensi- 
tivity of both of the Chairmen here who understand the importance 
of us being competitive and small business being able to prosper. 
Clearly, some progress is being made even at this stage. We will 
have another witness here, a small business person from Min- 
nesota, Rich Wasielewski, and my belief is he will talk about some 
of the competitive disadvantages that American business faces be- 
cause of some of the burdens of Sarbanes-Oxley. So clearly, I think 
we are still in search of a more perfect balance. 

Chairman Olson, you raise the issue about harmonization. Or 
you made the comment about harmonization. I am sure you are 
both aware that on February 21, 2007, the SBA Office of Advocacy 
sent letters to both of you relating to the proposed internal control 
on auditing standard rules. That letter raised, at least from what 
I saw, significant concerns about the differences, about this effort 
at harmonization. I think it went on to say that despite the work- 
ing relationship, it was clear to me that the rules that you are pro- 
posing don’t fully comport. For example, according to the comment 
letter, to quote, “the SEC guidance seeks to provide flexibility and 
scalability to small public companies and therefore does not pre- 
scribe a particular methodology of identification of risk and con- 
trols. In contrast, the PCAOB’s revised accounting standard is very 
prescriptive and contains detailed bullet points on how auditors 
must evaluate management’s internal control reporting process.” In 
the end, the letter finally stated that “small business representa- 
tives have stated that by the use of the PCAOB’s revised auditing 
standard as their de facto guidance, they are afraid that following 
the SEC’s vague and flexible management guidance results in a 
negative audit by an auditor using the more detailed and prescrip- 
tive revised auditing standard.” 

My question, then, is with these concerns in mind, can you talk 
a little bit more about harmonization? Can you more specifically 
address this issue so that we don’t have businesses acting in fear 
and have a sense that they are dealing with the concerns of both 
of you? 

Mr. Olson. I would be happy to lead off on that one, Senator. 
To go back to when we first issued AS2, that was a well thought- 
through, carefully crafted standard that gave a lot of specific guid- 
ance as to what auditors might do in auditing the internal controls 
of financial reporting. Because of the abundance of caution that I 
mentioned, many of those specific examples, then, were determined 
to either be mandatory or presumptively mandatory. Some of the 
wording and some of the language in there perhaps suggested a 
great deal more procedures be done than were necessary. The term 
“make work” was used before. I don’t associate with that term. I 
don’t think it was make work. I think it was just the fact that peo- 
ple were wearing a belt and a pair of suspenders in terms of identi- 
fying the number of controls for which they wanted documentation 
and they wanted to test them. 

And then, immediately following that, in two separate instances, 
the PCAOB had issued either questions and answers or additional 
guidance as to how you could make the audit more scalable and 
less costly and less intrusive. And yet what we discovered was that 
the auditing firms were still going back to the original standard. 
They weren’t fully incorporating the subsequent guidance. That is 
why instead of amending AS2, we are replacing AS2. I think that 
will address the de facto standard issue. Also, the SEC is providing 
its new management guidance relatively simultaneously. 

Senator Coleman. And my concern, and I turn to Chairman Cox, 
is that this guidance is not either conflicting or confusing but, in 
fact, is harmonization. What I am looking for, I just want to be as- 
sured — I want you to assure this Committee that when you finally 
get the kind of rules out there that they are not going to create 
confusion, that they are not going to be in conflict, and that the dif- 
ferences will be resolved. Chairman Cox? 

Mr. Cox. Senator, there are two areas of the four that I men- 
tioned that we are now focused on in the remaining weeks as we 
tie up the loose ends on this major project that relate to what you 
are describing. One is harmonizing definitions, and that, as you 
can imagine, is vitally important. We don’t want to use the same 
terms in different ways as part of the same process, so we are 
strongly committed to getting that right. 

The second area where harmonization is important and where we 
are focused, and I believe this goes directly to the comment that 
you are relating to us, is that, to the extent that the SEC’s man- 
agement guidance is more principles-based than the current 
version of the PCAOB proposed audit standard, we are trying to 
get further in harmony there, as well. Because if one is check-the- 
box and the other is principles-based, and I don’t mean to use that 
characterization because I don’t think that that is where we are at 
all, I think we are really down to the short strokes here. But just 
to use that as two extremes, if one were check-the-box and the 
other were principles-based, then you would almost certainly have 
a very serious problem of the check-the-box approach being the de 
facto standard. That is what happened last time around, and that 
is the very problem we are trying to fix. 

Senator Tester. Thank you. I just again hope that you work to- 
gether on this so that those differences are resolved. Thank you, 
Mr. Chairman. 

Chairman Kerry. Thanks, Senator. I appreciate it. 

Senator Bayh? 

Senator Bayh. Thank you, Mr. Chairman. Gentlemen, thank you 
for your service and your time today. 

Mr. Olson, I would like to start with you. The chart that is up 
behind us here about the differences in the cost of compliance, is 
there any evidence that as we have gone through this cycle now a 
couple of times the disparity is shrinking sort of as people get their 
feet under them, even in the absence of any additional action by 
you and the — I see you are looking at the chart. It just visualizes 
what has been orally said about the added cost of compliance for 
small business. 

[The referenced chart was not available at press time.] 

Mr. Olson. The bar on the left indicates small companies, $75 
million and over, and Sarbanes-Oxley does not yet apply to them. 
I am assuming that what is shown is an estimate. Section 404 does 
not yet apply to them. So I would think that it would not fully take 
into consideration 

Senator Bayh. Well, let me ask, then, for companies above the 
bar where it goes into place 

Mr. Olson. Yes. 

Senator Bayh [continuing]. As the auditors and the companies 
begin to go through this process, are natural efficiencies due to fa- 
miliarity beginning to take place anyway? 

Mr. Olson. Very much so, and I think a couple of things 

Senator Bayh. Is that just anecdotal or is there any analysis that 
quantifies that? 

Mr. Olson. Let me tell you why it is difficult to come up with 
a real careful quantification. If the external auditor is auditing 
both — in other words, doing a consolidated audit of financials and 
internal controls, it is tough to break out which of the costs are for 
the internal controls as opposed to the financial audit. Anecdotally, 
what we are hearing is that firms that have accelerated filers have 
their methodology in place, and have their approach to the controls. 
In fact, I very recently heard an example of an accelerated filer 
that used the occasion of Sarbanes-Oxley to catch up on some of 
the internal controls that already needed attention; they used this 
as an opportunity. 

What I think we are hearing increasingly from the accelerated 
filers, and I hear this again and again and again, that they are a 
better company today because of Sarbanes-Oxley, but that the in- 
cremental cost still exceeds the incremental value and that is what 
we are trying to bring into line. We still have a ways to go. I 
wouldn’t claim that we have achieved all of that at this point. 

Senator Bayh. So some progress, but progress yet to make? 

Mr. Olson. I think that is a fair statement. 

Senator Bayh. Chairman Cox, for you, one of the things I have 
been interested in since the beginning of this whole thing, and I 
know you were there at the inception, as well, I would be inter- 
ested to know if anybody in your shop has any data about sort of 
the aggregate cost of compliance across the economy versus the ag- 
gregate amount of fraud that we have been preventing or that had 
been taking place because of this. One of the things that has been 
on my mind, it would be ironic if in the name of protecting the 
shareholders we actually were imposing more costs on the share- 
holders than the harm we were preventing. Is there any data out 
there about this? 

Mr. Cox. It is a mismatch because there is much harder data on 
what we spend to prevent fraud and much softer data on the fraud 
that doesn’t occur. Economists make a real and heroic effort to 
measure the latter, but as you might imagine 

Senator Bayh. How about the fraud we were actually catching? 

Mr. Cox [continuing]. Measuring what didn’t happen is very, 
very difficult. 

Senator Bayh. Pre-Sarbanes-Oxley, there is some data on the 
amount of fraud that was actually detected 

Mr. Cox. Well, we do know — our economists will now probably 
want to restrain me because I am going to 

Senator Bayh. You need a one-armed economist. 

[Laughter.] 

Mr. Cox. I am going to practice amateur economics here, but if 
one is willing to do reasonably rough justice about this, it is a fact 
that our markets are healthy now. They were not before. They 
were stressed. They were in great difficulty. Investor confidence 
was shaken. There were significant problems that were uncovered. 
We are, at least right now, at a time when we do not have prob- 
lems of that magnitude coming to the fore. We at the SEC look for 
them every day. 

Senator Bayh. Well, how about the hard data that we do have 
on the additional costs of compliance? Are there figures out there 
on that? 

Mr. Cox. Yes, of course. 

Senator Bayh. What would those be? 

Mr. Cox. Now, you mentioned specifically that you are looking 
for a figure in aggregate for the whole country? 

Senator Bayh. I think you know what I am driving at, the appro- 
priate additional cost to promote transparency. I am just trying to 
do a cost-benefit analysis of what we are spending and the benefit 
we are deriving from that. 

Mr. Cox. What I would like to do, we have, of course, an Office 
of Economic Analysis and it is staffed by top-flight professionals at 
the SEC. What I would like to do is get you the very best data that 
we have on this rather than trying to wing it. But I assure you, 
having looked at this very carefully, that the numbers are going to 
be much more reliable on the cost side than they are on the bene- 
fits side. 

Still, I want to go back to a question Senator Tester put a mo- 
ment ago. I think that the fact that so much of the world, and 
Chairman Olson mentioned this in his response, is emulating Sar- 
banes-Oxley, and there is a lot of competitive marketing going on 
in other countries, attacking the brand name of Sarbanes-Oxley 
and so on. But if you take a look at the securities regulations that 
are being propounded in these other countries, including in the 
United Kingdom and many of the leading markets in the world, 
they are emulating the major parts of Sarbanes-Oxley, including 
internal controls assessments by management. The one respect in 
which they have not emulated 404 is the audit piece. 

But across the board, I think that, if one is talking about Sar- 
banes-Oxley in general and the recent improvements that are being 
made to investor protection in the United States of America, the 
emulation by other countries and around the world tells us, first, 
we are not putting ourselves at a competitive disadvantage because 
that is what is going on in these other markets, and second, we 
probably did something right. 

Senator Bayh. Thank you, gentlemen. 

Chairman Kerry. Thank you very much, Senator. I appreciate it. 

We have one more Senator and then we do have another panel. 
I don’t know, gentlemen, do you have folks here with you who may 
be able to stay and hear them, because I find sometimes the regu- 
latory folks who come up first would sometimes benefit by hearing 
what the other folks have to say. 

Mr. Olson. We have people who will stay, yes. 

Chairman Kerry. Thanks. That is great. 

Senator Corker? 

Senator Corker. Thank you, Mr. Chairman, and I thank both of 
you for your service. 

I want to follow up a little bit on Senator Bayh and Senator Test- 
er’s comments. Before I do that, I do want to thank you for working 
together to try to create some harmony. I think “harmony” is the 
word that has been used here today, to make sure that companies 
don’t feel bifurcated, if you will, in their efforts to satisfy each of 
you and end up doing a lot of work that is make-work. I will just 
add to Norm Coleman’s comments, as far as what you hear back 
in the State of Tennessee from small companies, SOX is a huge 
issue and one that they continue to be concerned about. 

But I want to take it more to the macro level. I know we are 
talking about small business today, but I know that Senator Bayh 
was asking more quantitative kinds of questions, and I know it is 
hard to come up with those and sometimes even ever find out what 
is a true answer to those questions. If you step back and just look 
at the macro level in our country and look at the way we are com- 
peting with other countries, the tremendous resurgence of private 
equity here — I know a lot of that is due to the low cost of debt 
today, but tremendous attribution to the regulations it takes to be 
in public markets today, we see a tremendous resurgence in Lon- 
don and Europe and other countries. 

Could you all just give us some editorial comments as to where 
you see us as a country relating to public markets over the next 
5 or 10 years and just some other editorial comments, because both 
of you addressed this, as to what we might ought to look at as a 
country to make ourselves more attractive in those ways. 

Mr. Cox. Senator, the globalization of markets, which has been 
a fact of life ever since we have had public companies, for hundreds 
of years, is accelerating in the time in which we live and markedly 
so. And so for the Securities and Exchange Commission, focusing 
on how we work with our fellow regulators around the world has 
been a very, very big part of my job, and to a certain extent, given 
the SEC’s history, a surprisingly large part. 

As you know, the New York Stock Exchange and Euronext have 
combined. The NASDAQ took a 25 percent stake in the LSE. There 
are alliances being formed among markets and exchanges around 
the world. Increasingly, investors have the opportunity, either di- 
rectly or indirectly, to require foreign securities to subject them- 
selves to the regulation therefore not of the United States but of 
other countries. You mentioned the phenomenon of very large pri- 
vate pools of capital, including private equity hedge funds and so 
on, all of these changes. And added to that, the development of 
large liquidity pools in other countries that are competitive with 
the United States that didn’t formally exist and not to that extent 
have made the environment a very challenging one for the United 
States generally and for regulators specifically. 

But here is, if we take a snapshot, where we find ourselves. We 
are the largest, deepest, most liquid market in the world by far. 
Our exchanges are the largest, deepest, and most liquid by far. We 
continue to attract the lion’s share of the world’s investment offer- 
ings and there is no other market that comes particularly close to 
us. We have no birthright to that, and so we have to constantly 
sharpen our competitive edge. 

In my view, one of our comparative advantages is that one puts 
its, his, or her money into the United States, there is a rule of law 
here and a sense of safety and security that is unparalleled and ex- 
ists nowhere else in the world. We want to maintain that competi- 
tive and comparative advantage. We also want to make sure that 
our regulations, because we have to now work more closely with 
other regulators, fit this new increasingly global world in which in- 
vestors are living, and that means not so much that we have to di- 
minish in any way the ultimate level of protection, but rather that 
in order to achieve constantly that same high level of protection, 
we have got to keep pace. We have got constantly to change for 
that reason. 

Mr. Olson. Senator, let me just follow up. First of all, I associate 
myself with Chairman Cox’s remarks. Having come to the PCAOB 
from another regulator and having been in a highly regulated envi- 
ronment all of my life, there is one fundamental premise that we 
in the United States have that most of the rest of the world does 
not have, and it is this: The markets in the United States are pre- 
sumed to work until such time as there is evidence that there 
needs to be some intrusion to correct a market irregularity. 

If you look at most of the regulatory burden that exists in the 
United States, almost all of it came out of a specific crisis in the 
past. All of the agencies that were created — like the Federal Re- 
serve Board, the Comptroller of the Currency, the FTC, the SEC, 
for example, were designed around addressing specific previous cri- 
ses. 

So, with much of the rest of the world, what you see is not a very 
permissive, very free market; but rather you instead have entities 
that are allowed to do only what they are specifically prescribed to 
do by law. 

I think that we continue to have a free and open marketplace 
and it is only when there are events like an Enron or a WorldCom 
that create a Sarbanes-Oxley, or a new body of law. I think that 
what we need to do is to make sure that we have retained respect 
for the fact that markets do work and that we still do not want to 
be an environment where individuals, who are investors, cannot 
have confidence in the markets. 

Fifty-percent-plus now of all U.S. households are investors in one 
way or another. That fact, I think, has been an important consider- 
ation for assuring that we have a body of law that addresses con- 
sumer concerns at the equity investment level. We can do that in 
a way that is still cost effective. Things are still out of line, but we 
are working very hard to bring them back into alignment. 

Chairman Kerry. Thanks, Senator, very, very much. 

Just one parting question, if I can, as sort of a summary of this. 
We hear from some venture capital folks around the country that 
Sarbanes-Oxley is sort of a barrier to start-up here. Is there any 
evidence of companies actually making a decision to move to Eu- 
rope or elsewhere as a consequence of these rules? It is a derivative 
of the question asked earlier by Senator Tester, but it is something 
that I have heard lately from some very thoughtful and significant 
D.C. types. 

Mr. Cox. Senator, I, of course, hear the same thing from the ven- 
ture capital community, from their formal association and from in- 
dividuals in the industry, so I think at least in some sense, there 
is a reality to this. It is the firm conviction of people in that community 
that there are serious problems and problems that affect 
their decision making. Whether or not upon the completion of our 
work that will remain their opinion is something else. But I think 
we all know 

Chairman Kerry. But you are consciously, in the four areas you 
talked about and in your approach to these rules that you are re- 
fining, you are consciously taking that into account? Is that part 
of what you are factoring into this, or not? 

Mr. Cox. Yes. We are open to the possibility that many might 
persist in their antipathy towards Sarbanes-Oxley, notwithstanding 
the reality, and I think the other part of your question might chal- 
lenge us to provide data and I think the answer to that question 
might be very different. I would be happy, by the way, to follow up 
if you would permit with some hard data on that topic 

Chairman Kerry. We would like to follow up 

Mr. Cox [continuing]. Because I think we have some. 

Chairman Kerry. I will leave the record open for 2 weeks here 
to deal with the follow-up with you in writing on a couple questions 
because we are pressed for time now, but I think it would be im- 
portant to try to determine some of those things, if we can. 

We are very, very appreciative. Thank you so much, both of you. 
Thank you for the work you are doing. You can tell there is a lot 
of serious interest here on this and we will follow it very closely 
and we thank you. 

Mr. Cox. Thank you, Senator. 

Mr. Olson. Thank you. 

Chairman Kerry. Could I ask the members of the second panel 
to come right forward and we will try to continue seriatim here. 

First, Tom Venables, the president and chief executive officer of 
the Benjamin Franklin Bank in Franklin, Massachusetts, and he 
is testifying on behalf of the American Bankers Association, but I 
also want to thank Dan Forte and the Massachusetts Bankers for 
their efforts on behalf of the financial services industry and par- 
ticularly addressing these concerns. 

We also have Joseph Piche, the CEO and founder of Eikos, a 
high technology company located in Massachusetts. 

And third, we will hear from Richard Wasielewski, the vice presi- 
dent and chief financial officer of Nortech Systems in Wayzata, 
Minnesota, a full-service electronics manufacturer. I might also 
note, if my memory serves me correctly, Wayzata is a good feeder 
for hockey players in America. 

Mr. Venables, please lead off. Go ahead. 

STATEMENT OF THOMAS VENABLES, PRESIDENT AND CHIEF 
EXECUTIVE OFFICER, BENJAMIN FRANKLIN BANK, ON BEHALF 
OF THE AMERICAN BANKERS ASSOCIATION 

Mr. Venables. Thank you. Mr. Chairman, I am pleased to rep- 
resent the American Bankers Association’s views regarding the im- 
pact of the Sarbanes-Oxley Act of 2002 on small businesses. Chair- 
man Kerry and Ranking Member Snowe, before I go further, I 
would like to thank you both on behalf of the ABA for your efforts 
on this issue and specifically the letter that you wrote requesting 
an additional extension of the Section 404 compliance date for non- 
accelerated filers. 

The ABA is very concerned about the huge time and cost burdens 
experienced in complying with the Act as well as business oppor- 
tunity costs. The banking industry has significant experience with 
management reporting on internal controls because of the FDIC 
Improvement Act of 1991, or FDICIA, which has long required 
management reports and auditor attestations. Although the Act 
used FDICIA as its model, the rules followed for FDICIA were re- 
written for Section 404 purposes, resulting in excessive work and 
cost. The burdens of Section 404 are also having an impact on non- 
registrants as the AICPA and the PCAOB work to make the audit- 
ing standards for FDICIA and Sarbanes-Oxley 404 the same. 

For illustrative purposes, my own company, the Benjamin Frank- 
lin Bank Corp. in Franklin, Massachusetts, a community bank 
with $913 million in total assets, employing 186 people, incurred 
costs of approximately $420,000 and over 2,200 internal man hours 
during 2006 to comply with Section 404. This represents 6 percent 
of our normalized 2006 earnings. 

My experience is not unusual. Most community banks have simi- 
lar scenarios. This expenditure of time and money has not im- 
proved our ability to manage the bank. 

Given my experience with Section 404, I would like to raise three 
areas of concern: The revised and reformed rules, which need to be 
finalized with utmost speed; the implementation of the rules, which 
needs to focus on cost reductions; and the application of Section 
404, which needs to be delayed for non-accelerated filers to give 
them time to adjust to the updated rules. 

First, the rules related to Section 404 appear to be improving. 
The SEC and the PCAOB proposals have the potential to reduce 
the cost of compliance for all filers while retaining the strong inves- 
tor protections. The proposed guidance and auditing standards 
need to be finalized, though, with utmost speed. 

Another set of rules, those related to shareholder thresholds for 
SEC registration, must be updated. Under the Securities Exchange 
Act, companies are required to register if they have total assets ex- 
ceeding $10 million and 500 or more record shareholders. Because 
nearly all banks exceed the $10 million threshold, the only cri- 
terion of importance is the record shareholder threshold. The 
shareholder level has remained at the same level since it was first 
set in 1964. Accordingly, the ABA strongly recommends updating 
the Exchange Act registration shareholder threshold to between 
1,500 and 3,000 record shareholders. The threshold for de-registra- 
tion should also be brought in line to between 900 and 1,800 record 
shareholders. 

Second, the implementation of the rules needs to focus on cost reductions 
which will only be realized if the auditing firms apply 
them as intended by the rule makers. The SEC and the PCAOB 
have achieved the proper balance with their proposals, but moni- 
toring the results will be extremely important in determining the 
successes of these changes. 

Finally, concerning the application of Section 404, non-accelerated 
filers need a delay of the compliance date. It is imperative 
that the rules are successfully implemented and tested before requiring 
non-accelerated filers to comply. It is also necessary to provide 
non-accelerated filers with adequate notice, a minimum of one 
full year in the case of calendar-year companies, in advance of the 
required compliance. This prevents the smaller companies from 
wasting valuable resources on and overpaying for unnecessary in- 
ternal control work. 

We are concerned that during the recent Section 404 meeting of 
the SEC, there was no mention of a specific delay of the compliance 
date for non-accelerated filers. It is urgent that the SEC provide re- 
lief to these small businesses in a timely fashion. Non-accelerated 
filers are required to produce reports this year on internal controls. 
In order to comply, they must decide now whether to follow the old 
rules or follow the recently proposed rules. Placing such a signifi- 
cant time constraint on these smaller companies is unreasonable. 
The clock is ticking for these non-accelerated filers and the alarms 
are ringing. 

In conclusion, thank you for holding this hearing and allowing us 
the opportunity to provide our observations to you. 

[The prepared statement of Mr. Venables follows:] 

Testimony of 
Thomas Venables 
on behalf of the 
American Bankers Association 
before the 

Committee on Small Business and Entrepreneurship 
of the 

United States Senate 
April 18, 2007 


Mr. Chairman and members of the Committee, my name is Thomas Venables. I am Chief 
Executive Officer of Benjamin Franklin Bancorp, Inc. in Franklin, Massachusetts. My community 
bank has $913 million in total assets, employs 186, and was chartered over 130 years ago. I am 
pleased to be here today to represent the American Bankers Association (ABA) regarding the 
Sarbanes-Oxley Act of 2002 (Act) and its impact on small business. ABA, on behalf of the more 
than two million men and women who work in the nation’s banks, brings together all categories of 
banking institutions to best represent the interests of this rapidly changing industry. Its membership 
-- which includes community, regional and money center banks and holding companies, as well as 
savings associations, trust companies and savings banks -- makes ABA the largest banking trade 
association in the country. 

Before I go any further, we would like to recognize and thank Chairman Kerry and Ranking 
Member Snowe for their efforts in advocating an extension of the compliance deadline for non- 
accelerated filers. This hearing is timely because, under the current Securities and Exchange 
Commission (SEC) rules, 2007 is the first year for which non-accelerated filers will be required to 
begin complying with the rules of Section 404, which has proven in many ways to be the most 
troublesome part of the Act. 

First, let me say that the ABA fully supports the establishment and use of strong internal 
controls, which are critical to provide users of financial statements with reasonable assurance about 
the integrity of financial statements and to provide a foundation for appropriately managing a 
company’s risks. However, we continue to be very concerned about the huge time and cost burdens 
experienced in complying with the Act, as well as business opportunity costs. The purpose of this 
testimony is to share those concerns from a community bank perspective and to provide some 
insights for your consideration. 

The banking industry has had a significant amount of experience with management reporting 
on internal controls and auditor attestations, because the FDIC Improvement Act of 1991 
(FDICIA), and the corresponding banking regulations, have required similar reporting for banks 
with total assets of $500 million or more (recently raised to $1 billion). Since then, banks have been 
required to produce annual reports on internal controls, and external audit firms have assessed the 
effectiveness of bank internal controls and have attested to these reports. Bankers, banking 
regulators, and accounting professionals have spent many hours specifically determining how to 
achieve such attestations. In fact, the Act used the FDICIA management report and attestation as 
its model. However, the rules surrounding the FDICIA process were re-written for Section 404 
purposes, resulting in excessive work and costs. 





By way of background, my own company, Benjamin Franklin Bancorp, achieved full 
compliance with Section 404 as of December 31, 2006. It may be helpful to share several facts 
related to our efforts during 2006 in this regard. Our team of officers and employees involved in the 
Section 404 effort expended 2,214 hours during 2006 at a cost of $180,082. In addition, we incurred 
an increase of internal audit costs of $113,080, information technology (IT) audit costs of $48,680, 
and additional external audit costs of $78,000, for a grand total of $419,842. During this time, we 
decided not to employ the services of an outside Section 404 "expert," or the costs would have been 
even higher. This expenditure of time and money has not improved our ability to manage 
the bank. The FDICIA controls that we have had in place for years are more than adequate to 
provide a framework for management to assess and report on the effectiveness of our internal 
controls. To put the approximately $420,000 of Section 404-related expenditures in perspective, this 
amount represents 6.1 percent of normalized 2006 earnings! It is not enough to be struggling with 
an inverted yield curve and tremendous loan and deposit competition in our markets, but to start off 
the earnings year at 94 percent of potential because of the Section 404 compliance costs — well, this 
is difficult. Our shareholders were not well served, as the costs outweighed the benefits. My 
experience is not unusual. In fact, most community banks report significant hits to earnings from 
these costs. 

Given my experience with Section 404, I would like to raise three areas of concern: 

• the revised and reformed rules — which need to be finalized with utmost speed; 

• the implementation of the rules - which needs to focus on cost reductions; and 

• the application of Section 404 - which needs to be delayed for non-accelerated filers to 
give them the time to adjust to the updated rules. 

The Rules Need to be Finalized with Utmost Speed 

The rules appear to be improving. The ABA appreciates the significant work the SEC and 
the Public Company Accounting Oversight Board (PCAOB) have done to provide management 
guidance and improve the auditing standards. We support the SEC’s position that streamlining of 
this guidance is important for both large and small registrants, as implementation costs have been 
too high and need to come down. 

Chairman Cox and Chairman Olson, particularly, should be commended for their efforts to 
streamline the Section 404 process to make it more cost-effective. They have focused on the 
appropriate areas, and the new guidance and auditing standards are clearly headed in the right 
direction. Their proposals provide efficient guidance and standards for management and auditors 
that have the potential to reduce costs of compliance for all filers while retaining the strong investor 
protections and risk focus of Section 404. Those proposals, which reduce the level of prescriptive 
detail (by shifting from transactions-based to risk-based audits) and eliminate unnecessary 
duplication of work, will, hopefully, make the Section 404 process more efficient and less costly. 
Thus, this will be a win-win for investors and the companies in which they invest. The proposed 
guidance from the SEC and proposed auditing standards from the PCAOB need to be 
finalized with utmost speed. 

Another set of rules, those related to shareholder threshold for SEC registration, must be 
updated as well. Updating the shareholder threshold for SEC registration is a specific action 
that could appropriately flow from today's hearing as a step that would immediately reduce 
regulatory costs on small businesses consistent with protection of shareholders. I would be 
remiss to not discuss this with you, the Senate Committee on Small Business and Entrepreneurship. 
This topic is of utmost importance to small businesses, and, without amending Section 404 itself, it 
would have an impact on the application of Section 404 by small businesses. 

Due to the increasing cost of being a registered public company, a number of small 
businesses, especially some of our member community banks, have determined that deregistration is 
in the best interests of their shareholders. Under the implementing regulation of Section 12(g) of 
the Securities Exchange Act of 1934, Rule 12h-3(b)(1), companies that wish to deregister must either 
have less than $10 million in assets or less than 300 record shareholders. Because ninety-nine 
percent of banks exceed the $10 million threshold for registration, the only criterion of importance 
to our member institutions in the rule is the record shareholder threshold. Thus, it is very difficult 
for most community banks to deregister without buying back shares from investors to retain fewer 
than 300 record shareholders. Doing so, however, can have negative consequences for local 
communities. Besides reducing small bank access to capital, it deprives small communities of one of 
the last opportunities to invest in a local business. Nevertheless, the high costs of Section 404 
compliance drive many bankers to choose this less than best option. 

Often banks do not choose to become SEC registrants, but are forced into it because of the 
organic growth in shareholder ownership. Without marketing their securities, many community 
banks have seen their shareholder base exceed the 500 mark as successive generations of 
shareholders distribute their shares amongst their descendents. Recently, these same institutions 
have seen the cost of compliance with Section 404 and other recent regulatory mandates 
significantly impact the profitability of the company. Community banks subject to Section 404 are 
experiencing significant hits to earnings. For small institutions, this amount represents an enormous 
financial burden. 

Although the SEC noted its intention to consider updating this threshold back in 1996, the 
shareholder level has remained at the same level since it was first set in 1964. At that time, the 
indicator of a public market was determined to be 500 shareholders. This indicator is now overdue 
for a revision to account for a more than threefold increase in the American populace investing in 
exchange-listed companies. In 2007 dollars, after adjusting for inflation, the same market presence 
today that 500 shareholders would have occupied in 1964 would be six times as large. In other 
words, it would take approximately 3000 shareholders today to equal the market presence of 500 
shareholders in 1964, assuming the average number of shares held by each shareholder and the 
average price of each share have not changed. Accordingly, the ABA recommends updating the 
Exchange Act registration shareholder threshold to between 1500 and 3000 record 
shareholders. The threshold for deregistration should similarly be brought in line to 
between 900 and 1800 record shareholders. 

On a related note, it is our understanding that the SEC’s Division of Corporation Finance is 
considering a notice of proposed rulemaking on the definition of “held of record” found in Section 
12(g). Under the current definition, only persons identified in the issuer's records as security holders 
are considered "held of record." This definition includes shares held in street or nominee name by 
financial intermediaries such as banks and broker-dealers. Expanding this definition to include 
“beneficial owners,” i.e., equitable owners of the shares, would not only make it difficult to 
determine the number of shareholders for purposes of the registration requirements, but could 
significantly affect smaller companies. Under such an approach, many currently unregistered 
community banks and small companies would be required to register under the Exchange Act and 
incur all the concomitant costs of being a public company. If the SEC were to take such a step, we 
believe that many of our smaller community banks will be forced either to sell up or substantially 
reduce their shareholder ownership, because they are unable to bear the new regulatory costs. 

Implementation of the Rules Needs to Focus on Cost Reductions 

Reducing costs and streamlining efforts will only be achieved if the auditing firms have the 
incentive to make efficiency a priority. Our primary concern with respect to implementation of 
Section 404 involves the uncertainty as to auditor reactions to the combination of the SEC’s final 
management guidance and the final auditing standards published by the PCAOB. The first year of 
Section 404 saw exorbitant costs attributable to audit firms’ over-testing and evident 
misinterpretation of the requirements of Section 404 and the PCAOB’s auditing standards. 
Additional costs were incurred internally from hiring consultants and additional compliance 
employees to establish documentation and internal controls processes - much of which was 
unnecessary. These costs made severe dents in many companies’ profitability without a 
commensurate return to shareholders. 

In May 2005, to address some of the inefficiencies being identified, the PCAOB issued 
guidance that was similar to some of what is now being proposed for more formal inclusion in their 
rules. Although there was minor improvement in audit firms’ reactions to the May 2005 guidance, it 
was insufficient. Clearly, time has passed and new audits are underway, which could result in further 
improvements; however, what is the incentive for audit firms to forgo this additional revenue, even 
if many clients and shareholders view it as over-auditing? 

Efficiencies will only be successful if the auditing firms accept these streamlining efforts. 

The realization of the goals of these efforts will be measured by: (1) an evaluation by individual 
filers as to whether the work and costs are reduced; and (2) the reviews of auditing firms by the 
PCAOB. We believe that the SEC and PCAOB have achieved the proper balance with their 
proposals, but monitoring the results will be extremely important in determining the success 
of the changes. 

The excessive burdens of Section 404 are also having an impact on small businesses that are 
not SEC registrants. For example, banks that are over $1 billion in total assets and are not SEC 
registrants are not required to follow Section 404, but must continue to follow FDICIA. 
Unfortunately, the auditing firms and the banking regulators are working to make FDICIA 
management reporting as burdensome as Section 404. Thus, Section 404 has been costly — even to 
those banking institutions that are not SEC registrants. This process should be stopped until we can 
better assess the effectiveness and efficiency of the new guidance and standards. 


Application Needs to be Delayed for Non-Accelerated Filers 

Non-accelerated filers need a delay of the compliance date. We would like to take this 
opportunity to thank you, Chairman Kerry and Ranking Member Snowe, for your attention to the 
problem of timing of compliance for non-accelerated filers. Although my institution is a small 
business, we are an accelerated filer and a delay for non-accelerated filers does not benefit us. 
However, I know firsthand how draining the Section 404 process was - and continues to be - on 
our resources, and it is imperative that the rules are reasonable before requiring other small 
businesses to comply. We fully agree with your letter to Chairman Cox on the need for an 
additional delay, and we further believe that the effective date for compliance for non-accelerated 
filers should be delayed until such time as the new rules have been successfully implemented and 
evaluated for effectiveness. 

In order to allow sufficient time for non-accelerated filers to implement the guidance in the 
SEC’s proposal and auditors to adjust to using the PCAOB’s new auditing standards, it is necessary 
to provide non-accelerated filers with adequate notice (a minimum of one full year in the case of 
calendar year companies) - in advance of required compliance — so that they are not expected to 
invest in outdated processes and have sufficient time to understand and implement any new 
guidance. 

The previous extension granted to non-accelerated filers delayed the financial burdens of 
Section 404 and the strain on valuable resources until costs could be reduced through experience, 
additional guidance for management, and improvements in the compliance process. This prevented 
these smaller companies from wasting valuable resources on unnecessary testing and overpaying 
consultants and auditors for unnecessary internal control work. 

The clock is ticking with respect to non-accelerated filers, and the alarms are ringing. We know 
that the SEC and PCAOB are working diligently to finalize their rules. We are concerned that at the 
close of the most recent Section 404 meeting of the SEC there was no mention of a specific delay of 
the compliance date for non-accelerated filers. It is urgent that the SEC provide relief to these 
small businesses in a timely fashion. Non-accelerated filers whose fiscal year coincides with the 
calendar year are now required to report in their 2007 annual reports on their internal controls over 
financial reporting. In order to comply properly with this requirement, non-accelerated filer 
management must decide now whether to follow the old rules or whether to follow the proposed rules, 
which are supposed to be completed sometime this summer. Moreover, once the proposals have been 
issued in final form, both audit firms and registrants must quickly read and understand the final rules, 
and then apply them. Placing such a significant time constraint on these smaller companies is 
unreasonable. 

Based upon the recent public SEC meeting, there appeared to be agreement between the 
SEC and PCAOB that the new rules will significantly change the current rules, providing the SEC 
with sufficient justification to provide the much needed delay. It should be noted that smaller audit 
firms will also need to develop internal guidance for their auditors to follow subsequent to the release 
of the final rules. In all likelihood, smaller companies will not want to begin their processes without 
agreement from their auditing firms and there simply is not enough time for small companies to 
understand and implement the guidance successfully and efficiently to the satisfaction of their 
external auditors. Ideally, non-accelerated filers should not be required to comply until the rules 
have been implemented and successfully tested for accelerated filers. This will help ensure that the 
efforts to improve the Section 404 process are actually working prior to requiring America’s small 
businesses to comply. 

In conclusion, the ABA and I appreciate your leadership, Chairman Kerry and Ranking 
Member Snowe, on the Section 404 issues and the path you are taking toward making it a 
meaningful and efficient process for small business and investors alike. We are glad this Committee 
is focusing on these issues that are so important to America’s small businesses. 





Chairman Kerry. Thank you very much, Mr. Venables. That was 
very helpful. 

Mr. Wasielewski? 

STATEMENT OF RICHARD WASIELEWSKI, VICE PRESIDENT 
AND CHIEF FINANCIAL OFFICER, NORTECH SYSTEMS, INC. 

Mr. Wasielewski. Good afternoon. I would like to thank Chairman 
Kerry, Ranking Member Snowe, and the other Committee members 
for this opportunity to share our company’s experience and 
insights into the benefits and costs of complying with the 
Sarbanes-Oxley Act of 2002 and the increased SEC regulations. I am 
also honored to participate in this hearing with Chairman Cox and 
Chairman Olson. 

My name is Richard Wasielewski and I am the Vice President 
and Chief Financial Officer for Nortech Systems, Incorporated. To 
provide some background on Nortech, we are a publicly traded 
Minnesota corporation organized in 1990. We file annual and 
quarterly reports, proxy statements, and other documents with the 
SEC. We are an electronic manufacturing services company with 
facilities in Minnesota, Wisconsin, Iowa, and Monterrey, Mexico. 
We have over 1,100 employees who manufacture wire harness and 
cable assemblies, electric sub-assemblies, and printed circuit board 
assemblies for a variety of original equipment manufacturers. 
Approximately 950 of these employees are U.S. employees and 150 are 
supporting our Monterrey operations. The primary markets we 
serve are industrial equipment, medical equipment, military/defense, 
and transportation. 

Our 2006 revenue was just over $105 million, with a net profit 
of $1.3 million, or 1.25 percent. Our industry is highly competitive. 
We are battling against global competitors with significantly greater 
resources. We have assets totaling $42 million and a current 
market capitalization of just over $20 million. 

Over the last 5 years, our compliance costs have increased almost 
2½ times, from $376,000 in 2002 to $933,000 in 2006. We estimate 
that approximately 50 percent of this increase is the result of the 
cost incurred from the Sarbanes-Oxley compliance and internal 
control initiatives while the other 50 percent is cost incurred on 
expanded SEC and Financial Accounting Standards Board reporting 
requirements. 

Despite these high costs, Nortech’s board of directors, CEO, CFO, 
and officers fully support the goals and objectives of the 
Sarbanes-Oxley Act of 2002 and believe in the U.S. capital markets. The 
major benefit to date of this Act is the assurance and continuous 
confidence our investors have in our company reporting of financial 
and management performance, along with the additional 
governance from a stronger internal control of our financial processes. 
Our internal control policy and procedures are benefiting from a 
solid structure of clearly defined roles and responsibilities, risk 
assessment, monitoring, and corrective actions for continued 
improvement. 

However, these benefits come at a significant cost to Nortech 
from large administrative costs and fees necessary to meet 
regulations. Our company faces a competitive disadvantage against large 
public companies with great economies of scale, as well as private 
and foreign companies that do not have to comply. Our relatively 
small finance department spends a disproportionate amount of 
time on regulatory compliance activities rather than supporting the 
business and operations. 

Every dollar spent on increased regulatory requirements is one 
dollar less we are able to spend on growth opportunities, capital 
investment, and our ability to attract new investors to our company. 
Every hour spent by me and my staff on regulatory requirements 
is one hour less that can be devoted to overseeing the critical 
financial performance metrics essential for day-to-day operating decisions 
as well as short- and long-term financial planning. 

We know that the SEC and the PCAOB teams are working hard 
to understand the impacts increased regulations and oversight 
have on small business companies such as Nortech. We look 
forward to the new guidance on Section 404 for small companies to 
help us reduce costs and save time in order to keep us competitive 
in our global marketplace and provide our shareholders a fair 
return on their investment. 

We support the Committee on Small Business and 
Entrepreneurship and their request that the implementation date of 404 for 
small companies be delayed from the current effectivity date. This 
delay will allow us to continue to build upon our current internal 
control processes without the time and cost pressures the current 
deadlines have and also allow us to field test the new guidance for 
small businesses. 

In conclusion, we believe the great opportunity and major 
benefits of 404 are already in place. Investors’ confidence has been 
restored in U.S. capital markets and improved control processes 
helping companies like Nortech better manage internal control systems 
are in place. For the competitive health of smaller U.S. companies 
like Nortech Systems, it is vital that our future compliance burden 
be scalable. 

Thank you again for the opportunity to participate in today’s 
hearings and for the Committee’s interest in this critical issue to 
Nortech and small businesses. 

[The prepared statement of Mr. Wasielewski follows:] 





Nortech Systems 


1120 Wayzata Blvd. E, #201 • Wayzata, MN 55391 
Phone: 952.345.2244 • Fax: 952.449.0442 


Sarbanes-Oxley and Small Business: Addressing Proposed Regulatory Changes 
and their Impact on Capital Markets 

Testimony of 

Richard Wasielewski, Vice President and CFO 
Nortech Systems, Inc. 

Before the 

U.S. Senate Committee on Small Business & Entrepreneurship 
April 18, 2007 

Chairman Kerry, Ranking Member Snowe and Committee Members, thank you for the opportunity to 
share our company’s experiences and insights into the benefits and costs of complying with the 
Sarbanes-Oxley Act of 2002 and increased Security and Exchange Commission (SEC) regulations. 

My name is Richard Wasielewski, and I am the Vice President and Chief Financial Officer for Nortech 
Systems, which is a publicly traded Minnesota Corporation, organized in 1990. We file annual and 
quarterly reports, proxy statements and other documents with the SEC. We are an electronic 
manufacturing services company with facilities in Minnesota, Wisconsin, Iowa and Monterrey, 
Mexico. We have over 1,100 employees who manufacture wire harness and cable assemblies, 
electronic sub-assemblies, and printed circuit board assemblies for a variety of original equipment 
manufacturers. The markets we serve are Industrial Equipment, Medical Equipment, Military/Defense 
and Transportation. 

Our 2006 revenue was just over $105 million, with a net profit of $1.3 million or 1.25% of revenue. 
Our industry is highly competitive - we are battling against global competitors with significantly 
greater resources. We have assets totaling $42 million with a market capitalization at 2006 fiscal year- 
end of just over $20 million. 

I’d like to begin by stating that Nortech’s Board of Directors, CEO and Officers fully support the goals 
and objectives of the Sarbanes-Oxley Act of 2002. The major benefit of this Act is the assurance and 
continued confidence our investors have in our company’s reporting of our financial performance and 
management, along with the additional governance from a stronger internal control of our financial 
processes. Our internal control policy and procedures are also benefiting from a solid structure of 
clearly defined roles and responsibilities, priority management, risk assessment, monitoring, and 
corrective actions for continued improvement. 

However, these benefits come at a significant cost to Nortech from the large administrative costs and 
fees necessary to meet the regulations. Our company faces a competitive disadvantage against larger 
public companies with greater economies of scale to deal with increased compliance costs, as well as 
private and foreign companies that do not have to comply with Sarbanes-Oxley requirements. In 
addition, in order to meet the requirements of Sarbanes-Oxley and other internal control initiatives 
from expanded SEC and Financial Statement Standard Board (FASB) reporting requirements, our 
relatively small finance department spends a disproportionate amount of time on pure regulatory 
compliance activities rather than supporting the business and operations. 





Over the last five years, our compliance costs have more than doubled, from $376,000 in 2002 to 
$933,500 in 2006. We estimate that approximately 50% of this increase is a result of costs incurred 
from our Sarbanes-Oxley compliance and internal control initiatives. The other 50% is costs incurred 
to meet expanded SEC and FASB reporting requirements. A detailed breakdown of Nortech’s total 
cost of compliance for financial statement audits, SEC filings and internal controls over the past five 
years is included in the table below. 


Nortech Systems, Inc., Historical Costs for Audit & SEC Compliance 

Actual Fees Paid:                             2002      2003      2004      2005      2006
Auditors                                  $103,500  $131,000  $200,000  $224,000  $266,000
Tax, SEC & GAAP Consulting & Advising      $52,500   $90,000  $113,500  $196,000  $134,000
Sub Total Fees Paid                       $156,000  $221,000  $313,500  $420,000  $400,000

Estimated In-House Costs:
Management & Staff                        $200,000  $250,000  $300,000  $400,000  $485,000
Expenses                                   $20,000   $25,000   $30,000   $40,000   $48,500

Total Compliance Costs                    $376,000  $496,000  $643,500  $860,000  $933,500


Another cost of the Sarbanes-Oxley Act has been the increased need for auditors and their services. 

The increased need to hire auditors for attestation reports for the earlier accelerated filers has resulted 
in higher compliance costs of our audit, consulting and GAAP advising fees due to the increased 
demand for resources. 

It should be noted that our current compliance costs do not include the cost for the Sarbanes-Oxley 
auditor attestation reports, because they are not required for our Company until the end of 2008. The 
earlier cost estimates in 2002 and 2003 for our auditor attestation reporting requirements were roughly 
25-40% of our financial statement audit cost for a given year. Now that estimate has been increased up 
to 75-80% of the financial statement audit cost and the cost base is much higher. We estimate our 
auditor attestation cost to be an additional $200,000 to the above 2006 figure on an ongoing basis once 
we reach the required audit attestation stage. 

In addition, the increasing cost burden of compliance puts us at a significant competitive disadvantage 
against private and foreign companies, who, as I mentioned previously, do not have to comply with 
Sarbanes-Oxley requirements. Our competition has more time to focus on the growth and 
management of their business and less on regulatory requirements. Every dollar spent on increased 
regulatory requirements is one dollar less we are able to spend on growth opportunities, capital 
investment and attraction of new investors to our company. Every hour spent by me and my staff on 
regulatory requirements is one hour less we can devote to overseeing the critical financial performance 
metrics essential for day-to-day operational decision-making as well as short- and long-term strategic 
planning. 

We know that the SEC and the Public Companies Accounting Oversight Board are working hard to 
understand the impacts their regulations and oversight are having on small public companies such as 



74 


Nortech Systems. We look forward to the new interpretative guidance on Section 404 for small 
companies to help us reduce costs and save time in order to keep us competitive in the marketplace and 
provide our shareholders a fair return for their investment. 

We support the Committee on Small Business & Entrepreneurship and their request that the 
implementation date of Section 404 for small companies be delayed up to one additional year from 
current effective dates. This delay will allow us to continue to build upon our current internal control 
processes without the time and cost pressures of the current deadlines and requirements for audit 
attestation. 

Thank you again for the opportunity to participate in today’s Hearing and for the Committee’s interest 
in this critical issue to Nortech and other small businesses. I look forward to responding to any 
questions you may have. 


Chairman Kerry. Thank you very much, Mr. Wasielewski. 

Mr. Piche? 

STATEMENT OF JOSEPH PICHE, CHIEF EXECUTIVE OFFICER 
AND FOUNDER, EIKOS, INC. 

Mr. Piche. Chairman Kerry, Ranking Member Snowe, and members 
of the Committee, it is an honor to testify this morning 
regarding the impact of Sarbanes-Oxley on small businesses. My 
name is Joe Piche and I am the founder and CEO of Eikos, Inc., 
in Franklin, Massachusetts. We are a small nanotechnology 
company that makes flexible, transparent, conductive films and 
coatings, and Eikos last year won the Wall Street Journal’s Technical 
Innovation Award globally for the most innovative material in the 
world. 

We started in 1996 and we have grown to 16 very talented 
people. In 2006, we had approximately $3.5 million in sales and our 
products have applications around the world. We have one licensee 
in Japan. As much of our commercial sales are in Japan and Asia, 
we contribute in a small way to reduce America’s trade deficit. 

I am pleased with what my team has accomplished, but we have 
reached a point where we need to access capital markets in order 
to expand. We have explored various options and concluded the 
best venue for raising the required capital for expansion might lie 
in the public markets. As such, we have explored the options 
within the United States and concluded that the atmosphere for doing 
so here is less favorable than utilizing other public markets, such 
as the AIM in London. 

I am not an economist nor an accountant nor an expert in the 
details regarding issues of the regulation of public companies. I am 
a chemist by training, and from my perspective as an entrepreneur, 
the atmosphere for raising capital in the United States has taken 
a turn for the worse, specifically with regards to going public and 
the costs associated with compliance for a small public company in 
the United States. 

At Eikos, we believe that some aspects of Sarbanes-Oxley have 
contributed to the current change in the financial climate in the 
U.S. capital markets. While Sarbanes-Oxley has had positive 
impacts, it has made it more difficult for me, a private company, and 
has dramatically increased our costs of doing business. 

Let me say from the outset, I believe Sarbanes-Oxley, for the 
most part, is very good legislation. Entrepreneurs like me depend 
on our capital markets, and our capital markets depend on trust. 
Sarbanes-Oxley and the PCAOB have helped to restore the trust 
that corporate accounting scandals have helped to destroy. But 
over time, it has become clear that some of the secondary impacts 
of Sarbanes-Oxley have made it more difficult for companies like 
mine to do business. 

Regarding increased costs, as I have mentioned, Eikos needs to 
raise capital through private equity markets. However, due to 
increased regulations, the costs for our company to obtain this equity 
is extraordinarily high. The accounting costs specifically associated 
with taking a company public are now so large they threaten to 
wipe out the funding that a company like Eikos would receive in 
its IPO. So what is the incentive to take the company public when 
the company will not gain any capital as a result? 

The increased cost of accounting has a far broader effect on a small
company than just the question of whether or not to go public. Sar- 
banes-Oxley has increased the price of accounting services. I have 
witnessed a dramatic increase in the costs at Eikos. This cost is 
small relative to the huge resource expenditure that public companies
are now required to make as part of Sarbanes-Oxley. For example,
I see other nanotechnology companies that have gone public
or are public and they are now spending more per employee on 
Sarbanes-Oxley compliance than they are spending on health care. 
This should not be. 

With regards to liability, the increased liability imposed by Sar- 
banes-Oxley makes it simply not worth the risk to serve on the 
board without good D&O insurance. Before Sarbanes-Oxley, I could 
buy insurance for approximately $8,000 a year. Immediately after, 
the price shot up to approximately $40,000 to $50,000, a substan- 
tial increase. And it is not the same policy. The deductible went up 
and the coverage is much less comprehensive. 

At Eikos, we offer the best available health insurance. This is 
something I refuse to compromise because I do not want my em- 
ployees to ever worry about their health or the health of a family 
member. But the high cost of D&O insurance forced me to make 
a decision between maintaining this high standard of health insur- 
ance versus maintaining D&O insurance. Hence, I have lost board 
members because of the lack of our D&O insurance. 

Driving investment overseas, it is our transparency and account- 
ability that inspire the global investment community’s confidence 
in American markets, and that attracts investments from around 
the world to the United States. Sarbanes-Oxley was designed spe- 
cifically to strengthen the world’s confidence in our markets and 
thus attract even more foreign investment. This was a noble goal 
and in many ways has succeeded well. But in some ways, it has 
gone too far. Some of the very requirements of Sarbanes-Oxley that 
were designed to restore global confidence in the American markets 
by creating tremendous financial incentives for private companies 
to go public not in the United States, but in other countries. By in- 
creasing the costs of going public in the United States, Sarbanes- 
Oxley is giving foreign capital markets a competitive advantage 
over American markets. 

Eikos has considered carefully going public on the London AIM 
exchange. We estimate the cost in the United States to be approximately
$2 million, but only $500,000 to $600,000 on the AIM. We
are by no means alone. In foreign markets, the percentage here has 
increased in the last several years whereas the United States has 
held relatively stagnant or decreased. 

In conclusion, I would like to thank you, Senator Kerry, for your
leadership in sponsoring legislation to help make it easier for small 
businesses to comply with Sarbanes-Oxley. I would also like to 
thank the members of the Committee for your ongoing commitment 
to support small businesses like Eikos. America’s small businesses 
are the engines of innovation and employment and they are abso- 
lutely essential to our continued competitiveness in this century. 

[The prepared statement of Mr. Piche follows:]

Testimony of Joseph Piche 
Chief Executive Officer and Founder 
Eikos Inc. 

Before the Senate Small Business and Entrepreneurship Committee 
April 18, 2007 

Chairman Kerry, Ranking Member Snowe, and Members of the Committee, it is an honor 
to be asked to testify this morning regarding the impact of Sarbanes-Oxley on small businesses. 

My name is Joseph Piche, and I am the founder and CEO of Eikos, Inc. Eikos is a high
performance materials or “nanotechnology” company based in Massachusetts that makes 
flexible, transparent, conductive films for application to electronic displays, solar cells, touch 
screens and any other electronic application that might require a transparent and conductive 
material. I started the company in my basement in 1996, and we have grown to employ 16 very 
talented people. In 2006 we had approximately $3.5 million in sales, and our products have 
applications throughout the world. The health of Eikos stands upon its technological know-how 
and the associated portfolio of intellectual property. As much of our commercial sales are in 
Japan and Asia, we contribute in a small way to reduce America’s trade deficit. 

I am proud of what my team and I have done with Eikos, but we have reached a point 
where we need to access capital markets in order to continue to expand. We have explored 
various options and concluded that the best venue for raising the required capital for expansion
might lie in the public markets. As such, we explored the options within the U.S. and concluded 
that the atmosphere for doing so here was less favorable than utilizing other public markets such 
as the AIM in London. 

I am not an economist, nor an accountant, nor an expert in the details regarding the issues
of regulation of public companies, but from my perspective as an entrepreneur, the atmosphere
for raising capital in the U.S. has taken a turn for the worse, specifically, with regard to the cost 
of going public and the costs associated with compliance for a small public company in the U.S.

We at Eikos believe that some aspects of Sarbanes-Oxley have contributed to the current 
change in the financial climate in the US capital markets. While Sarbanes-Oxley has had many 
positive impacts, it has made it more difficult for me to take my company public - and it has 
dramatically increased our cost of doing business even as a private company. 

Let me say at the outset that I believe Sarbanes-Oxley is, for the most part, very good 
legislation. Entrepreneurs like me depend on our capital markets, and our capital markets 
depend on trust. Sarbanes-Oxley and the Public Companies Accounting Oversight Board have 
helped to restore the trust that corporate accounting scandals had helped to destroy. But over 
time, it has become clear that some of the secondary impacts of Sarbanes-Oxley have made it 
more difficult for companies like mine to do business. 

Increased Costs 

As I mentioned, Eikos now needs to raise capital through the public equity markets.
However, due to the increased regulations of Sarbanes-Oxley, the cost for our company to obtain 
this equity may be extraordinarily high. The accounting costs specifically associated with taking 
a company public are now so large that they threaten to wipe out the funding that a company like 
Eikos would receive in its IPO. What is the incentive to take a company public when the 
company will not gain any capital as a result? 

The increased cost of accounting has a far broader effect on small businesses than just the
question of whether or not to go public. Sarbanes-Oxley has increased the demand for 
accounting services, while the accounting industry has consolidated. Due to increased demand 
upon a reduced supply, with the added burden the accounting firms themselves face due to more 
conservative business practices, the price for accounting services has increased dramatically. I 
have witnessed at least a 20 percent increase in the cost of accounting services for Eikos.

This cost is small relative to the huge resource expenditure that public companies are now 
required to make as part of Sarbanes-Oxley. For example, I see other nanotechnology companies 
that have gone public, and are now spending more per employee on Sarbanes-Oxley compliance 
than they are spending on health care. This is not in the best interest of the companies or their 
employees. Eikos would be much more likely to go public, raising necessary capital, if we did 
not believe that the costs of compliance alone might be larger than the capital raised. Again, I 
believe that transparent accounting is vital for both private and public companies, but the high 
cost of accounting for small businesses is hurting their growth. 

Liability 

Sarbanes-Oxley’s liability provisions pose further difficulties for small businesses like 
mine. In the current business environment, high-quality executives and advisors are increasingly 
demanding that companies offer Directors’ and Officers’ (D&O) insurance. The increased 
liability imposed by Sarbanes-Oxley makes it simply not worth the risk to serve on a board of 
directors, for example, without the protection of insurance. Before Sarbanes-Oxley, I could buy 
good D&O insurance for $8,000. After Sarbanes-Oxley, the price shot up to $40,000 - a 500 
percent increase. And it is not the same policy: the deductible went up, and the coverage is 
much less comprehensive. 

At Eikos, we offer the best available health insurance. It is something about which I 
refuse to compromise, because I do not want any of my employees to worry about their health or 
the health of a family member. But the high cost of D&O insurance is forcing me to make a 
choice between maintaining this high standard and offering the insurance coverage necessary to 
attract and retain the best management and directors. It cannot have been the intent of Congress, 
when it passed Sarbanes-Oxley, to put small businesses like mine in such a dilemma. 

Driving Investment Overseas

I cannot emphasize enough how important it is that America have capital markets that 
lead the world in transparency and accountability. It is our transparency and accountability that 
inspire the global investment community’s confidence in American markets, which attracts 
investment from around the world to the United States. Sarbanes-Oxley was designed to 
strengthen the world’s confidence in our markets, and thus attract even more foreign investment. 

This was a noble goal, and in many ways it has succeeded quite well. But in some ways 
it has gone too far. Some of the very requirements in Sarbanes-Oxley that were designed to 
restore global confidence in American markets are creating tremendous financial incentives for 
private American companies to go public - not in the United States, but in other countries. By 
increasing the costs of going public in the United States, Sarbanes-Oxley is giving foreign capital 
markets a competitive advantage over American markets. 

Eikos has carefully considered going public on the London AIM stock exchange. We 
estimate that it would cost Eikos approximately $2 million to go public on a U.S. exchange, but 
only $500,000 to go public on the AIM. We are by no means alone: IPOs in foreign markets 
have increased over the last several years, while IPOs in U.S. markets have held stagnant or 
decreased. 

Conclusion 

I would like to thank you, Senator Kerry, for your leadership in sponsoring legislation to
help make it easier for small businesses to comply with Sarbanes-Oxley. I would also like to 
thank the Members of this Committee for your ongoing commitment to supporting small 
businesses like mine. America’s small businesses are engines of innovation and employment, 
and they are absolutely essential to the nation’s continued competitiveness in the 21st century’s
global economy.

Chairman Kerry. Thank you very much, Mr. Piche. 

Let me just pick up with you, since you testified last. So what 
would you do? What is the balance here? 

Mr. Piche. What would I do today? I would use the London AIM 
because I utilize the concept of Ockham’s razor. When you have 
two different alternatives, I take the simpler and the more cost ef- 
fective for the company, because as the CEO, it is my duty to do 
that which provides the most benefit to the stockholders and the 
employees, many of which are stockholders. 

Chairman Kerry. How do you do that and maintain the integrity 
that everybody has fought for? There are a lot of folks who believe 
that the London standard, in fact, has no minimum size require- 
ments, no minimum public float, no minimum share value, no gov- 
ernment review of company disclosure documents, and so, in effect, 
they are exempting people from the full code of corporate govern- 
ance. I mean, the so-called “attraction” is to go back to the Wild 
West. 

Mr. Piche. I understand what you are saying. I am not an expert 
in this area. However, as a CEO, I am focused on the growth of 
the corporation and, therefore, our perspective is we care very 
much about corporate governance and we are not in a position to 
make decisions regarding how the law should be changed or modi- 
fied in any way. However, we would like to run Eikos in a right, 
good, and proper way. When we talk to the people that come to our 
company, knocking on our doors as representatives of the AIM, 
often unsolicited, we 

Chairman Kerry. Is that what is happening? They are coming 
over here and come to our market because we are 

Mr. Piche. That is correct, yes. It has happened to us at Eikos, 
so 

Chairman Kerry. Well, I wish — again, this is the problem you 
have when you have the order of testimony, and we tend to do this 
on all our committees here, the regulatory folks first and then they 
are gone. It would be good to get the interaction, actually. I think 
in the future, I am going to try to see if we can’t set it up that way 
a little better. 

Obviously, the testimony of Chairmen Cox and Olson is that they 
are moving in Europe to adopt a similar standard here. Now, the 
AIM actually contradicts that, and in fact, there was a pretty dra- 
matic example recently of a company that placed a convertible loan 
stock on the market. It knew its financial performance was going 
to fall short, and when they prepared a news release to that effect, 
the investment banker advised them to withhold it until after the 
offering was complete, and they did, and then, of course, the news 
came out and it lost 75 percent of its value in 2 days and it got 
a tiny slap on the wrist. I mean, it was like nothing had happened. 
So again, that is clearly not the standard that we want to go back 
to. 

Mr. Piche. Correct. 

Chairman Kerry. We would like to see people move rapidly to 
here. I assume we may be losing a few folks who want to go out 
into that kind of an atmosphere, but I am sure that investors 
broadly, as they look at the movement of capital and the safety of 
that capital, are going to ultimately have some problems with that.

Mr. Piche. Possibly. However, the way we look at it at Eikos, if
I may say so 

Chairman Kerry. Yes. 

Mr. Piche [continuing]. Is that our example is if we are going to
put an addition on a home and we needed to borrow $250,000 for 
an addition for new bedrooms for children or such and we have the 
opportunity to get it from bank one at a certain rate, but we can 
get it at bank two at half the rate, we will get it at bank two at 
half the rate, end of discussion. We go in the direction of 

Chairman Kerry. So the bottom line 

Mr. Piche [continuing]. What is best for the

Chairman Kerry [continuing]. Will drive it no matter what? Mr. 
Wasielewski, you are nodding your head in assent there. Do you 
want to add on? 

Mr. Wasielewski. Yes. It gets back to the cost versus the ben- 
efit. Is it worth it? 

Chairman Kerry. I am struck. You are on a pretty tight profit 
margin. 

Mr. Wasielewski. Yes, we are, and 

Chairman Kerry. With that kind of revenue, that surprised me. 

Mr. Wasielewski. We need the different markets to raise cap- 
ital. We believe in the U.S. markets. It is our next area to raise 
capital and cash to fund our growth, but we also have to balance 
that against venture capital and even going private. So we do that 
on a constant basis and it is reviewed on an annual basis, some- 
times more often. 

Chairman Kerry. And your net view of Sarbanes-Oxley is — I 
mean, you seem to support in your testimony the notion of having 
this kind of accountability, but you have a “but” there, right? 

Mr. Wasielewski. Yes, absolutely. It is getting to where it is 
working — it was encouraging to hear the discussion earlier that 
they are working towards it, that they are taking our scale into 
consideration. I am concerned that when these 6,000 other filers 
hit the marketplace, what it is going to do to the cost again to the 
accountants and auditors and services that are going to be needed. 
Is that going to do another bump in our costs that you have on the 
board? Are they going to go higher? Are they going to be 26 cents 
and $2? That is a real concern of ours. So they really have to keep 
that cost-benefit under control. 

Chairman Kerry. Mr. Venables, you all heard the testimony of 
the folks who preceded you. I know I have heard this from bankers 
previously about the FDIC experience and so forth and that the 
404 seems to go beyond that and you felt that it was adequate, and 
there is every indication that it was adequate, as a matter of fact. 
Were you satisfied that what they said is going to sufficiently take 
into account the concerns you all have expressed? 

Mr. Venables. Only partially, Mr. Chairman. If I can give you 
a little example from our own company, in 2002 when I became 
CEO of Benjamin Franklin Bank, the bank had run amuck of some 
regulatory matters and there was a requirement for a new CEO to 
come in and I was part of that change. At the time, the bank was 
$450 million in size. It was not required to be FDICIA registered 
in any way, but I made the decision as a new CEO that I wanted
to make sure I understood the controls. I wanted to make sure we 
had a proper framework for risk. 

And so we did an early adoption of FDICIA and voluntarily im- 
plemented those controls and I had a very powerful management 
tool out of the FDICIA exercise to enable me to understand exactly 
how this company was running and what changes needed to be
made. We emerged from the excess regulatory oversight almost im- 
mediately and enjoy a very, very high rating in all of our areas, es- 
pecially in our compliance areas. 

Now, in 2005, we did an initial public offering. Obviously, we be- 
come affected by Sarbanes-Oxley. In 2006, we became an acceler- 
ated filer and needed to go through that whole exercise as I out- 
lined. That whole exercise resulted in these tremendous costs as we 
have outlined, and yet I did not pick up any additional ability to 
better manage our company. I think that is the big frustration. 

When I hear the PCAOB and the SEC talk about reforms, I am 
greatly encouraged. We think that is definitely heading in the right 
direction. But there are a couple caveats. The first is the devil will 
be in the details, and unfortunately, as a new Accounting Standard 
5 is being evolved, there are decisions that need to be made today 
by managements of companies who are non-accelerated filers with 
respect to how they need to implement these controls and to which 
standards are they needing to adhere. I think ABA is very troubled 
by the fact that until those standards are actually in place, it is 
unfair to set deadlines for compliance and we really feel that there 
should be a full year after the final rules are generated before 
smaller companies 

Chairman Kerry. Sure. Well, I see the folks who are here taking 
some notes on that. I think that is an important thing for us to 
convey and to have some dialogue with the folks who testified pre- 
viously. 

Senator Snowe and some of my colleagues will draw this out a 
little more, so let me cede my time here. 

Senator Snowe. Yes. To follow up on that delay, were you sug- 
gesting a year delay from 

Mr. Venables. We are suggesting a year delay from when the 
final rules have been put in place and tested. Our concern is that 
it is changing rapidly. My own experience as a company, I know 
that the Chairmen feel that implementation sometime in June 
would be adequate for the controls that are necessary for the year- 
end financial statements. I assure you they are not. There are two 
things happening at once. 

One, there is a tremendous resource drain, and by that, I mean 
not only the internal small business staffers who need to put all 
this in place, but also the outside experts. They all will have this 
crush of companies that need to comply and the meter runs very 
high in those types of scenarios. 

Secondly, the way the rules work and the proper framework is 
that you build the framework and then you test. You may find as 
a result of the test that you have a deficiency. If you find you have 
a deficiency, then you need to fix that and then retest. Every one 
of those cycles is a 3-month — is a quarterly cycle, so that if you do 
have control issues that need addressing, you may not have an opportunity
to address them and have them implemented by the time
of your annual statements at the end of the year, and that could 
have serious repercussions. 

Senator Snowe. I see. So when you are talking about non-accel- 
erated filers, they haven’t done any testing on those standards, or 
audited those standards, because they haven’t been put in place? 

Mr. Venables. That is correct. 

Senator Snowe. So when they were talking about the various 
dates, March 2009, the date companies need to have the auditors 
review their company’s internal controls, does that apply to non-accelerated
filers?

Mr. Venables. I think that is what they are addressing, yes. 

Senator Snowe. But that is not sufficient because companies 
need to furnish their assessment of those controls in March of 
2008. 

Mr. Venables. Senator, if the rules were in effect today, that 
could very well be sufficient. 

Senator Snowe. OK. So it is just a matter of time, that is the 
big question. 

You mentioned the fact of increasing the number of share- 
holders — the current is 500 to 1,500 or 3,000. Can you explain how 
that would benefit community banks, for example? 

Mr. Venables. Certainly. 

Senator Snowe. What would be the benefit of that? 

Mr. Venables. It is one of these issues that existed, and then 
with the advent of Sarbanes-Oxley and all of this talk it became 
a much more critical issue. Today, the threshold for non-filers is 
the 500 record shareholders and the $10 million in assets. Well, in 
banks, we all have more than $10 million in assets, so it is the 500 
shareholders. The standard was set in 1964. 

Over the course of the years, in these small, rural in many times, 
banks, there may be generations that are inheriting the stock, and 
where you might have had one holder, now you have three children 
and then you might have five grandchildren, and over time, the 
number of shareholders has crept larger. The statute has not 
changed at all to keep up with the number of investors. 

ABA did some research and determined that, and you can pick 
any standard, but one that they found was a reasonable approach 
was let us look at the number of shareholders there are out there 
in the investing public back in 1964 and let us look at the number 
today, and if we apply that same rate of growth, the 500 threshold 
limit of 1964 would be more like the 1,500 to 3,000, depending on 
how you interpret the data, of today. So it is merely trying to have 
that change sort of indexed for the fact that there are many more 
investors and there are small companies that have a tough choice, 
because if they go over 500, they become registrants. They can’t 
necessarily — there is still an investment opportunity 

Chairman Kerry. It is still small income. 

Mr. Venables. Yes. 

Senator Snowe. I know that some of the banks that I have heard 
from in Maine are having to both comply with the banking regula- 
tions as well as Sarbanes-Oxley. Is there no way to consolidate any 
of these requirements? 

Mr. Venables. Well, I don’t think there is a way to consolidate 
all of it, but I think a lot of the auditing standards can be made
similar so that we are not doing a completely different controls 
framework by one set of standards and then also maintaining 
FDICIA. I will tell you in the case of my own company, you may 
know that the FDICIA standard has now gone to $1 billion. Well, 
we are a $913 million company and we have decided to continue 
with FDICIA controls because we can discontinue perhaps this 
year, but with any growth, we will be facing them again. So we are 
maintaining two sets of intense risk management frameworks and 
I don’t think that is necessary. 

Senator Snowe. Thank you. Mr. Wasielewski and Mr. Piche, 
could you tell me, was there anything that you heard from both 
Chairman Cox and Mr. Olson with respect to the issues that they 
addressed in harmonizing the audits, any of the issues that made 
it more positive? 

Mr. Wasielewski. Let me take that. The integration audit is 
really important because that could help us greatly on costs. You 
are working with the same audit team. I think that comment has 
probably got the biggest benefit that would be the biggest step that 
could be taken. The fear is to have a different audit team in there 
and have to reeducate them just like you do on your financial state- 
ments. These folks know our business. They know our processes al- 
ready. That could be a definite benefit, so that is an encourage- 
ment. 

Senator Snowe. And you mentioned scalability. Do you think 
that it addresses that in that sense, that it avoids the one-size-fits- 
all? 

Mr. Wasielewski. I don’t know. 

Senator Snowe. Yes. 

Mr. Wasielewski. Based on what he said, I have a feeling that 
is the tough nut in how they go about trying to get that equal on 
that slide behind you in the future. 

Senator Snowe. Right. 

Mr. Wasielewski. We just get the higher price of audit and audi- 
tors and accountants by supply and demand, I think, is the biggest 
issue that we are going to face. 

Senator Snowe. That is why we need to get an updated assess- 
ment of the costs, you know, for every $100 revenue, it is $1.14 in 
audit costs. 

Mr. Wasielewski. Remember, there are only a couple thousand 
that file today, and 6,000 that haven’t filed yet. That work hasn’t
been done on our side and the impact isn’t on theirs either. We 
have done a lot. We have improved the internal control. We feel it 
is a lot better. I know our investors do. It is just that it would be 
nice to field test what they are proposing right now, so we could 
understand the impact or it might even be more. 

Senator Snowe. Mr. Piche? 

Mr. Piche. Regarding that specific question? 

Senator Snowe. Yes, that is right. Yes. Was there anything that 
you heard that was more positive that might affect the bottom line? 

Mr. Piche. My concern is that I didn’t necessarily hear a clear 
pathway that I understand, but again, I am not a professional accountant
or regulator, I am a chemist by training and an entrepreneur,
and my fear is that it sounds slightly more complex, because
then there is now another level of making determinations
and definitions as to, well, what should be audited and where do 
the limits begin and end. So there might be another layer of re- 
quirements on top of the ones that already exist. 

Senator Snowe. And in your particular situation, would you wait 
to see how this all shakes out in the process?

Mr. Piche. We cannot.

Senator Snowe. No, you cannot. 

Mr. Piche. No. I think no small company can. It is a global econ- 
omy. My competition is everywhere. 

Senator Snowe. Right. It is interesting because the GAO did a 
study of IPOs in the period between 1999 and 2004 and showed a 
decrease of IPOs, from 70 percent to 46 percent. So it would be in- 
teresting to know exactly where that stands today. I think that is 
true, because the initial capitalization is extremely important for 
any small company, small public company. This is a real issue, be- 
cause you are really the essence of job creation in many ways. 
When you grow from a small business to a public company, that 
is where the innovation emerges. 

So I think this is something we are going to have to examine. At 
the same time we must make sure we calibrate the right approach 
and preserve the public interest in response to what happened with 
Enron and WorldCom. 

Thank you. I appreciate your comments here today. Thank you. 

Chairman Kerry. Thank you. 

Senator Coleman? 

Senator Coleman. Thank you, Mr. Chairman. I associate myself 
with the comments of the Senator from Maine in terms of what we 
have to do here. Just two quick questions — and by the way, this 
has been a very good hearing, very helpful. We have talked about 
or just touched upon various issues — willingness to serve on 
boards, what kind of direction and leadership are going to be avail- 
able to small business if folks find it difficult or impossible to serve 
on boards, and the cost of accounting, and then as the system 
grows, the pressures of supply and demand is just going to push 
up the costs. So we haven’t capped out costs here. If anything, they 
are going to rise significantly. 

Just two quick questions. Mr. Venables, you made the point 
about the need for delay perhaps of 1 year for those non-acceler- 
ated filers, but the other point, then, I take it, is that it is urgent 
that that decision be made soon. That has got to be one of the fac- 
tors. Rather than wait for us in Congress to do something, it is my 
sense you need to know soon whether there will be delay for that 
year? 

Mr. Venables. Certainly, Senator Coleman, and in conjunction 
with that, as well, the work that you heard PCAOB and the SEC 
working on together with respect to the new audit standards also 
needs to be finished as quickly as possible. 

Senator Coleman. I hope, again, staff is listening. It goes to the 
Chairman’s point about having folks here to hear that. 

Mr. Wasielewski, you were actually very positive about some of 
the changes but talked about cost. I don’t know if I heard this. 
Have you thought about going private? In spite of you being profit- 
able, you have got a really thin line here. You make, what, one 
point, you spend about as much on auditing as you make in profit.

Mr. Wasielewski. Yes. 

Senator Coleman. Where are you at on that decision? 

Mr. Wasielewski. Well, I think the board and our CEO and I
and the officers review it on an ongoing basis. Again, we do believe 
in the U.S. capital markets and that that is a good place for us to 
get some cash and invest in our business. So right now, that is the 
strategy. As these things grow and these things pan out, you know, 
they are always taken into consideration. It is a dynamic decision 
point. We do review it, not at every board meeting, but at least one 
time a year, that particular situation. 

Senator Coleman. So it gets to that question of balance and at 
certain points the balance tips over and says, we can’t afford to be 
in this public market. We just have to go private. 

Mr. Wasielewski. And again, it is a balance of benefits and cost. 
I think everybody said that. It is definitely, and I think nobody 
would disagree that it is definitely weighted now on the costs. The 
benefits are in place the last 5 years. Our internal controls are bet- 
ter. Most small companies are better. It is the question of how 
much more better do we have to get and at what cost. 

Senator Coleman. Mr. Chairman, thank you. 

Chairman Kerry. Thank you very much. 

Yes, Mr. Venables? 

Mr. Venables. If I may make one follow-up comment on the cost, 
we have been concentrating, I think, a lot on the first-year cost, 
and I do want to share with you an illustration of subsequent costs 
because I think they are important, as well. In 2005, our bank 
went public and had an acquisition, so obviously we had substan- 
tial audit costs related with those transactions. In 2006, we imple- 
mented Sarbanes-Oxley. We had substantially higher audit costs. 
Our auditors tell us that our budget for 2007 is less than 2006. The 
second-year costs are lower than the first-year costs, but they are 
still substantially higher than 2005, the year that we went public 
and the year that we made an acquisition. So it is embedded as an 
additional layer that that will go on for earnings. 

Senator Snowe. May I? 

Chairman Kerry. Yes. 

Senator Snowe. Do you think that there has been an impetus to 
shift from public to private companies? I mean, there has been a 
lot of shift in that respect. Do you think that this has been an im- 
petus for that? 

Mr. Venables. From my own experience, I can tell you that in 
the banking industry, there are certainly many banks that have de- 
layed going public for this reason. 

Senator Snowe. Because of the costs and because of the com- 
plexity of the regulations? 

Mr. Venables. Exactly. 

Mr. Wasielewski. Let me just add to that. It is not only Sar- 
banes-Oxley and the internal control, it is all the SEC regulations 
and compliance stuff that have taken place. Our 10(k) in 2002 was 
47 pages long. This year, it is 95 pages plus. It is a substantial 
amount of work to meet these requirements and we are not even 
at the Sarbanes-Oxley attestation point yet, so it is not only the in- 
ternal control. 

Senator Snowe. Thank you. 





Chairman Kerry. This is tough stuff. If I could just ask Mr. 
Piche, speaking generally, to come back to the VC question I asked 
earlier. Is it, in fact, making it harder to find investors rather than 
easier? As the argument is made, because there is an assurance of 
the openness and accountability, do investors feel safer or is it 
harder? 

Mr. Piche. From the investors’ perspective? Well, from the CEO’s 
perspective whose ambition it is to raise money to grow the cor- 
poration, from the many CEOs that I know, I think we uniformly 
believe that it has become more difficult. I was at a meeting of the 
Nano Business Alliance yesterday and I talked with many CEOs 
over the course of 2 days in Manhattan. I had the opportunity to 
be on the floor of the NASDAQ yesterday at the closing as part of 
that and it was fun. But I hear anecdotal stories often, in taxi 
lines, from friends of mine that are CEOs of small public compa- 
nies, and we see the same thing, which is that it is harder to raise 
funds privately because of it and it is harder to raise funds publicly 
and the costs associated are substantial. 

Chairman Kerry. I am particularly struck by the issue on the 
banks, and I think that it would be important for the SEC and the 
PCAOB to look hard at this issue of the FDIC Improvement Act re- 
quirements and what the banks are already jumping through and 
this question of harmonization, because I have heard this from 
small bankers all over the country. What was it that you said? You 
said 6 percent — who said 6 percent? Who said 6 percent of your 
profits are 

Mr. Venables. Six percent. 

Chairman Kerry [continuing]. And that is above what you were 
already committed to the FDIC? 

Mr. Venables. Oh, yes. That was just incremental costs 

Chairman Kerry. That is an incremental cost, an additional 6 
percent of profit, on a $406,000 

Mr. Venables. Exactly, for the implementation effort. 

Chairman Kerry. I think that is something that folks really 
need to think about hard, especially when there is a pretty strong 
individual regulatory process already in place, whether there is a 
harmonization process and whether that is sufficient and, there- 
fore, all that is required. I mean, that is a judgment. You talk 
about risk assessment and judgment. The risk assessment ought to 
be made with respect to that standard, whether or not it is ade- 
quate for the industry, since it is an industry-wide standard. 

I served on the Banking Committee for 10 years and I was there 
when we did the RTC and went through that horrible period, and 
I think that since then, we have already responded to the crisis of 
confidence in the marketplace and there is no evidence at this 
point, in my judgment, that it is somehow being abused. So again, 
there is an example potentially — I am saying potentially — of where 
this double requirement may, in fact, really be a drag on our econ- 
omy and a drag on business. 

So there is a lot to look at here and I want to — I am confident 
that Senator Snowe wants to join with me, and we will team up 
to put some thoughts in front of the Chairmen. I think this has 
been very important and very, very helpful today. 

Senator Snowe, do you have any additions? 





Senator Snowe. No. I thank you. I appreciate it, but I think it 
does underscore the serious challenges and impediments that you 
face. We just really have to make sure that we reasonably under- 
stand the impact and the severity of the burdens of these regula- 
tions. On one hand, we have to address the public interest ques- 
tion, and on the other hand, we have to make sure that we develop 
and encourage job creation through your leadership. These are not 
mutually exclusive endeavors. I am sure that we can try to get this 
right, and that is what we will attempt to do through some legisla- 
tive mechanisms, as well. So I appreciate your thoughtfulness and 
your comments here today. 

Chairman Kerry. Thank you very, very much. Again, thank you 
very much, all of you. We appreciate it. 

We stand adjourned. 

[Whereupon, at 12:33 p.m., the Committee was adjourned.] 




APPENDIX MATERIAL SUBMITTED 




Questions of Senator Kerry for 
SEC Chairman Christopher Cox 
Small Business Committee Sarbanes-Oxley Hearing 


1. Extension of Section 404 Deadline for Small Businesses. I appreciate your prior
efforts to provide small businesses with additional time to comply with the Sarbanes-
Oxley regulations. I understand and agree with the idea that small public companies need
to comply with the law as quickly as possible. But, many in the small business
community, including witnesses heard from at the hearing, believe that small public
companies will need more time than big businesses to comply with the final changes to
the Sarbanes-Oxley rules. Now that the rules have gone final, non-accelerated filers that
have not yet had to comply with the law only have six months to implement the controls
according to the new regulatory environment. As you know, Senator Snowe and I have
asked you to consider providing additional time.

• Do you expect non-accelerated filers to be able to comply under this
timeframe? Please explain your reservation to providing the additional time
that small firms have stated that they need.

ANSWER: 

Yes. Since the SEC has deferred compliance for non-accelerated filers four times in an
effort to ensure that the burden of compliance did not unduly impact smaller companies,
adequate time to prepare should not be an issue. All other public companies in the
United States already have three years of reporting on internal controls behind them.
Nonetheless, we will continue to monitor the trends in compliance to determine whether a
further extension is justified before smaller companies would otherwise have to comply
with the audit requirement beginning with the SEC filings in 2009.

The very positive result of our determination to phase in 404 compliance for smaller
companies is that we and they have had the opportunity to field test the requirements so
that smaller companies have the benefit of learning from the experiences of larger firms. 

These experiences have deeply informed the SEC’s new Interpretive Guidance and the 
PCAOB's proposed new auditing standard. It is important to note that the SEC’s 
interpretative Guidance is optional, providing those choosing to use the guidance a means 
for complying with section 404, and does not impose any new requirements. The 
continued phased implementation will allow smaller firms to start complying with section 
404(a) of SOX starting in 2008, while the first audit under section 404(b) won’t be due 
until 2009. 

The SEC's new guidance is intended to be of significant and direct help to smaller
companies. Completing the implementation of Section 404 is important to further
enhancing the quality of reporting and increasing investor confidence in the fairness and 
integrity of the securities markets. The Commission and the PCAOB will continue our 
ongoing outreach efforts over the coming months to ensure that the changes recently 
made in the implementation of section 404 live up to our expectations for a more 
effective and efficient system for all filers. 


2. SEC/Congressional Action to encourage businesses to go public. In order for our
economy to grow, we need more small businesses to become public companies and to
create new jobs.

• Beyond making appropriate changes to the Sarbanes-Oxley regulations, what
efforts can the SEC and the Congress take to help more small businesses, 
especially minority small businesses, become small public companies? 

ANSWER: 

We continually review our regulations with a view towards reducing the burdens of being 
a public company and to remove obstacles to raising capital, consistent with investor 
protection. For example, on May 23 the Commission approved a package of rule change 
proposals designed to modernize and streamline capital raising and reporting 
requirements affecting small business. The small business improvements that the SEC 
recently proposed include: 

• Giving small businesses access to the expedited "shelf" registration process for
their own securities offerings, which previously was available only to big
companies.

• Cutting paperwork for thousands of small businesses, by allowing them to raise
capital in a private offering after filing a simplified Form D online.

• Establishing shortened holding periods for restricted securities, making it easier for
small business shareholders to put their securities on the market sooner and 
hopefully reducing the discount that small businesses must absorb to sell restricted 
securities. 

• Giving issuers the benefit of a new, limited offering exemption from Securities Act 
registration requirements for offerings and sales of securities to a newly defined 
category of "qualified purchasers" in which limited advertising would be permitted. 

• Eliminating the limit on the number of employees who can receive stock options 
from their fast-growing private firms, improving the ability of emerging growth 
companies to attract and retain talent without prematurely triggering the 
requirements of the Exchange Act. 





• Providing a simplified system of disclosure for almost 1,600 additional smaller 
public companies, an increase of over 45% in the number of small companies that 
are currently eligible.

Many of these rule proposals address key recommendations made by the Commission’s 
Advisory Committee on Smaller Public Companies. We look forward to further input 
from the small business community as we receive the public comments on those 
proposals. We will continue to consider additional recommendations made by the 
Advisory Committee. 

In addition, we regularly engage in outreach to the small business community in other 
ways. For example, we hold an annual forum that focuses on the capital formation needs
of small businesses. A major purpose of this forum is to provide a platform for small 
companies to highlight improvements needed to the capital-raising process and the 
related regulatory requirements. In recent years, the forum has included small interactive 
breakout groups to develop recommendations for government action and, in some cases, 
legislation. We expect to host another forum this fall. 

Finally, while it is outside the regulatory purview of the SEC to address tax policy, it is
consistent with our statutory mandate to promote capital formation to observe that the 
regime for the taxation of gains from investment in securities has a direct and significant 
impact on smaller companies’ cost of capital and thus the ability of small businesses, 
including minority small businesses, to become public companies. Congress, of course, 
has plenary authority over such matters. 





Senator Olympia J. Snowe 
Follow-up Questions 
Small Business Committee Hearing 
April 18, 2007

Question For Chairman Cox 
1. 1934 Securities Exchange Act. 

How would the SEC benefit from making the Sarbanes-Oxley Act of 2002 part 
of the 1934 Securities Exchange Act? What is the SEC's opinion of 
recommendations suggesting that Congress expressly incorporate Sarbanes- 
Oxley into the Securities Exchange Act? 

ANSWER: 

There is no particular benefit that would be achieved by making the Sarbanes-Oxley Act 
of 2002 (“SOX”) part of the Securities Exchange Act of 1934 (“Exchange Act”). Indeed,
many of the provisions of SOX are already incorporated into the Exchange Act. For
example, many of the provisions in Titles II, IV, V, and VI of SOX are drafted as
amendments to the Exchange Act. In addition, many of the provisions in Titles VIII, IX
and XI of SOX are criminal provisions incorporated into Titles 18 and 28 of the U.S.
Code; and some provisions are drafted as amendments to the Employee Retirement
Income Security Act of 1974 and the bankruptcy laws. There would appear to be little
benefit from making these provisions part of the Exchange Act. Still other provisions of
SOX, such as those in Title VII, include study and report requirements that already have
been complied with, and including these provisions in the Exchange Act would not
appear to have any effect. SOX does include some stand-alone provisions, particularly in
Title I, which provides for the establishment and oversight of the Public Company
Accounting Oversight Board (“PCAOB”), and in Titles III and IV.

The Commission has extensive rulemaking authority under SOX, similar to that provided 
under the Exchange Act. Section 3(a) of SOX expressly grants the Commission general 
rulemaking authority to promulgate rules and regulations in furtherance of the Act. In 
addition, Section 3(b) of SOX provides that a violation of the Act, a Commission rule
under the Act, or a rule of the PCAOB shall be treated as a violation of the Exchange Act,
enabling the Commission to exercise its enforcement authority under the Exchange Act 
with respect to the provisions of SOX. 

While we do not recommend incorporating SOX into the Exchange Act, there is one 
particular legislative change to SOX to make it consistent with the Exchange Act that
would be beneficial. SOX does not include an explicit grant of general exemptive
authority, while the Exchange Act does. We recommend that Congress grant explicit
exemptive authority to the Commission over those provisions of SOX that are not already
incorporated into the Exchange Act (and for which SOX currently does not provide
specific exemptive authority).





2. SEC's Ability to Raise Shareholder Limit. 

Does the SEC currently have the authority to raise the shareholder threshold 
limit, below which companies are exempt from specific SEC requirements, 
from 500 shareholders to a higher number? 

ANSWER: 

In connection with directing the staff to advise the Commission on possible amendments 
to the Commission’s rules that relate to the shareholder threshold that triggers registration 
under Section 12(g) of the Securities Exchange Act of 1934, I also have directed the staff
to determine whether we have sufficient authority to undertake that action. We will let 
you know of any future action that we decide to take to amend these rules, and whether 
additional authority is needed. In this connection, I have also directed the Commission’s 
Office of Economic Analysis to undertake a review of the Section 12(g) registration 
standards to determine whether they continue to be the most appropriate means of 
accomplishing the objectives of Section 12(g). 

3. SEC and Arbitration. 

Where is the SEC on its shareholder arbitration initiative? If the SEC is serious 
about this proposal, how will the SEC ensure that future regulations balance 
shareholder rights against the need to promote efficient capital markets and 
diminish costly litigation? Are there any other tools the SEC needs from 
Congress to further promote dynamic and efficient capital markets that protect 
investors? 

ANSWER: 

There is no pending rule or proposal before the Commission to allow corporations to 
mandate arbitration of shareholder claims. Corporations should not be able unilaterally 
to limit the rights of investors to sue, and I can assure you that the Commission does not 
plan to advance any proposal that diminishes investor rights. Because shareholders 
benefit from efficient capital markets and efficient dispute resolution, these goals are 
mutually reinforcing. The SEC will continue to examine ways to further promote 
dynamic and efficient capital markets that protect investors, and we believe we have the
necessary tools to do so. 

4. Backdating of Stock Options. 

What is the status of pending investigations and civil actions the SEC has taken 
against firms and executives alleged to have backdated stock options? What is 
the estimated timing and the number of future SEC actions on this issue? 


ANSWER: 





The SEC’s Division of Enforcement is currently investigating more than 140 companies 
for possible fraudulent reporting of stock option grants. The companies under 
investigation are located across the country, are of various sizes, and span multiple
industry sectors. All of the SEC’s regional offices are currently involved in these 
investigations. 

Longstanding SEC policy precludes the disclosure of any information about these 
ongoing investigations; however, enforcement actions have been filed against former
executives of Symbol Technologies, Peregrine, Brocade, Comverse Technology,
McAfee, Monster Worldwide, TakeTwo Interactive Software, Engineered Support
Systems, Apple Inc. and Mercury Interactive. To date, the Commission has brought
enforcement cases against 4 issuers and 19 former executives. These cases involved
alleged misconduct of chief executive officers, general counsels, chief financial officers,
and other accounting and human resources employees. The Department of Justice has 
also brought parallel criminal actions against 10 of the 18 former executives charged by 
the Commission. 

Below are details of enforcement actions brought by the Commission to date: 

SEC v. Michael F. Shanahan, Sr., et al. (Engineered Support Systems): On July 12,
2007, the Commission filed a civil injunctive action against Michael F. Shanahan, Sr.
(former ESSI Chairman and CEO) and Michael F. Shanahan, Jr. (former ESSI Comp
Committee Member) alleging that they participated in a scheme to grant undisclosed, in-
the-money stock options to themselves and other ESSI officers, directors, and employees,
from 1997 to 2002. As a result of the backdating, the Commission alleged that ESSI
failed to disclose approximately $20 million in unauthorized compensation. The
Commission alleged that Shanahan, Sr. personally profited by over $8.9 million from the
scheme; Shanahan, Jr. personally profited by approximately $380,000. Both are
litigating. 

SEC v. Brocade Communications Systems: On May 31, 2007, the Commission filed a
settled civil fraud action against Brocade for falsifying its reported income from 1999 
through 2004 through the backdating scheme committed by its former CEO and other 
former executives. The company settled the action by agreeing to an antifraud injunction 
and payment of a $7 million civil penalty. 

SEC v. Mercury Interactive LLC (f/k/a Mercury Interactive Corporation): On May 31,
2007, the Commission filed a civil fraud action against Mercury Interactive and four of
its former executives - former Chairman and CEO Amnon Landan, former CFOs
Sharlene Abrams and Douglas Smith, and former GC Susan Skaer - alleging a fraudulent
scheme from 1997-2005 that included: (a) fraudulent backdating of option grants that
understated expenses by at least $258 million; (b) fraudulent disclosures concerning 
Mercury's "backlog" of sales revenues to manage its reported earnings; (c) fraudulent 
loans for option exercises by overseas employees to avoid recording expenses; and (d) 
backdating of option exercises of certain executives. Mercury settled the case by agreeing
to an antifraud injunction and payment of a $28 million penalty. [Mercury was acquired
by Hewlett-Packard Company on Nov. 8, 2006, after the alleged misconduct.] 

SEC v. Nancy R. Heinen and Fred D. Anderson (Apple): On April 24, 2007, the
Commission sued Nancy Heinen, former general counsel of Apple Inc., for participating
in the fraudulent backdating of two large option grants to Apple's top officers that caused
the company to underreport its expenses by nearly $40 million. The Commission also 
filed a settled action against former Apple CFO Fred Anderson, alleging that Anderson 
should have noticed Heinen's efforts to backdate a large executive team grant but failed to 
take steps to ensure that Apple's financial statements were correct. Anderson agreed to a 
permanent injunction and payment of approximately $3.5 million in disgorgement and 
penalties in order to settle the matter against him. 

SEC v. Kent H. Roberts (McAfee): On February 28, 2007, the Commission sued Kent
Roberts, formerly secretary of the compensation committee of McAfee's board of
directors and general counsel, for allegedly falsifying the minutes of a compensation
committee meeting, and directing the company to issue a 420,000 share option grant to
McAfee's chief executive a day later than the committee had directed. This litigation is 
ongoing. 

SEC v. Myron F. Olesnyckyj (Monster Worldwide): On February 15, 2007, the
Commission sued Myron Olesnyckyj, the former general counsel of online search firm
Monster Worldwide, for his alleged role in a multi-year scheme to secretly backdate
stock options granted to thousands of Monster officers, directors and employees,
including grants to him. Olesnyckyj allegedly falsified documents to make it appear as if
the company had actually granted options on certain dates, which in reality had been
selected after the fact by looking backward for a date on which the stock price was low.
On March 27, 2007, Olesnyckyj settled to a permanent antifraud injunction and
permanent officer and director bar. 

SEC v. Ryan Ashley Brant (TakeTwo Interactive Software): On February 14, 2007, the
Commission settled charges that Ryan Brant, the former CEO and chairman of board of
directors of TakeTwo Interactive Software, had illegally backdated options. Brant and
others at TakeTwo referred to their granting practices as "pick-a-date" option granting.
Brant agreed to pay over $5.2 million in disgorgement and prejudgment interest and to
pay a $1 million penalty, and agreed to a permanent officer and director bar.

SEC v. Steven J. Landmann, SEC v. Gary C. Gerhardt (Engineered Support Systems):
On February 6, 2007, the Commission sued Steven Landmann, the former controller of
Engineered Support Systems, and Gary Gerhardt, the former CFO, for their alleged roles
in a 6-year option backdating scheme which resulted in employees and directors 
receiving approximately $20 million in unauthorized compensation, $15 million of which 
was granted to top executives and directors. Landmann agreed to pay over $600,000 in 
disgorgement and prejudgment interest and a $259,486 penalty, a permanent officer and 
director bar and agreed to be suspended from appearing or practicing before the 
Commission as an accountant. The litigation against Mr. Gerhardt is ongoing. 





SEC v. Jacob ("Kobi") Alexander, David Kreinberg, and William F. Sorin (Comverse
Technology): On August 9, 2006, the Commission sued Kobi Alexander, co-founder,
former Chairman and CEO of Comverse, David Kreinberg, former Comverse CFO, and 
William Sorin, former Comverse General Counsel and a former director, for their alleged 
roles in a scheme which involved the creation of a slush fund of backdated options 
granted to fictitious employees. Subsequently, the options were made immediately 
exercisable, to recruit and retain key personnel. Kreinberg settled and agreed to pay 
approximately $2.4 million in disgorgement and prejudgment interest, agreed to a 
permanent officer and director bar, and agreed to be suspended from appearing or 
practicing before the Commission as an accountant. Sorin settled and agreed to pay over 
$3 million in civil penalties, disgorgement, and prejudgment interest, agreed to a 
permanent officer and director bar, and agreed to be suspended from appearing or 
practicing before the Commission as an attorney. 

SEC v. Gregory L. Reyes, et al. (Brocade Communications Systems): On July 20, 2006,
the Commission sued former Brocade CEO, Chairman and President Gregory Reyes, and 
former Brocade VP of Human Resources, Stephanie Jensen, for their alleged roles in an 
option backdating scheme that involved falsified employment offer letters and 
compensation committee minutes, to hide the fact that option grants had been awarded to 
employees before they had actually been hired by the company. Litigation in this matter 
is ongoing. 

SEC v. Peregrine Systems Inc.: On June 30, 2003, the Commission charged Peregrine
Systems, Inc. with financial fraud to inflate the company’s revenue and stock price 
during 1999-2001 through various improper practices. As part of the case, the SEC also 
charged the company with fraudulent options backdating that resulted in Peregrine 
understating its expenses by approximately $90 million. Peregrine settled the case by 
agreeing to an antifraud injunction, among other relief. 

SEC v. Symbol Technologies, Inc. et al.: On June 3, 2004, the Commission charged
Symbol Technologies Inc. and numerous former Symbol employees for engaging in 
various fraudulent accounting practices and other misconduct from 1998-2003. Among 
the misconduct alleged, the SEC charged Peregrine and its former General Counsel 
Leonard Goldner with fraudulently backdating the date of stock option exercises so that 
senior executives could profit unfairly at the company’s expense by falsifying company 
documents and forms the executives used to report their option exercises to the SEC and
the public. The improper accounting associated with the backdated exercises resulted in 
a cumulative net increase in reported stock option expenses was $229 million. Symbol 
Technologies settled the matter by agreeing to an antifraud injunction and payment of a 
$37 million penalty. Goldner settled the matter by consenting to a permanent antifraud 
injunction, a permanent Officer & Director bar and Rule 102(e) suspension from practice 
before the Commission as an attorney; the Commission's claims for disgorgement and 
civil penalties against Goldner were withdrawn in view of Goldner's civil forfeiture
payment of $2 million in connection with his guilty plea in a parallel criminal case.





In addition to the above enforcement actions, the SEC has taken many steps to promote 
clear, full, and fair disclosure about executive compensation, including a requirement for 
real-time reporting of stock option grants. The revised executive compensation
disclosure rules the Commission adopted in July 2006, include a number of provisions 
that directly or indirectly address backdating of options. 





Responses by SEC Chairman Cox to Questions from Senator Snowe 

Senator Olympia J. Snowe 
Follow-up Questions 
Small Business Committee Hearing 
April 18, 2007 

Question for Chairman Cox and Chairman Olson 


1. International Competition and Sarbanes-Oxley. 

With increasing international competitiveness and the strong rise of foreign 
markets, how should Sarbanes-Oxley be further reformed to help American 
small businesses remain competitive in the global marketplace? How can the 
SEC and the PCAOB prevent outsourcing in the financial services sector to
avoid repeating what happened in the U.S. manufacturing sector?

ANSWER: 

Rationalizing the implementation of section 404 of the Sarbanes-Oxley Act is the most 
important action we can take to help American small businesses remain competitive in
the global marketplace. To make sure that the U.S. capital markets remain robust and
competitive, the SEC in July 2007 repealed the costly Auditing Standard No. 2, which
had made Sarbanes-Oxley compliance so difficult, and replaced it with a completely new
standard that is top down, risk-based, materiality focused, and scalable for companies of
all sizes.

To prevent U.S. job losses and diminution of global market share in the financial services
section, our entire regulatory system needs to be consistently reexamined with a view to 
the rapidly changing conditions of the global marketplace. This is particularly true with 
respect to financial reporting. In this connection, I have recently appointed an advisory 
Committee on Improvements to Financial Reporting which will study the issues relating 
to financial reporting and recommend improvements that will keep America’s financial 
reporting system as the gold standard for the world. The Commission also recently 
issued a concept release on whether U.S. companies should be able to file using the 
International Financial Reporting System as published by the International Accounting 
Standards Board. Having a set of globally accepted accounting standards will be critical
to the rapidly accelerating global integration of the world’s capital markets. 


2. Manufacturing. 

Maine's manufacturing sector has been decimated over the last decade. More
than 20,700 manufacturing jobs in Maine have disappeared between August
2000 and August 2006. What can the SEC and the PCAOB do to promote the
growth and strength of the U.S. manufacturing sector and manufacturing jobs?





ANSWER:

Both the SEC and the PCAOB can affect the cost of regulation, and doing so in a positive 
way can reduce the cost of capital for manufacturing firms, which as you note are facing 
exceptionally difficult competitive conditions both in Maine and across the U.S. 

We continually review our regulations with a view towards reducing the burdens of being 
a public company and to remove obstacles to raising capital, consistent with investor 
protection. Our focus on significantly reducing the costs of internal control compliance
mandated by Section 404 of the Sarbanes-Oxley Act of 2002 will further the needs of
manufacturing businesses as well as other companies. Similarly, our recent proposals to
streamline the capital-raising process for small businesses should result in benefits for 
small and medium-size firms in the manufacturing sector. 

These improvements that the SEC recently proposed include:

• Giving businesses broader access to the expedited "shelf" registration process for
their own securities offerings, which previously was available only to big 
companies. 

• Cutting paperwork for thousands of manufacturing businesses, by allowing them to 
raise capital in a private offering after filing a simplified Form D online. 

• Establishing shortened holding periods for restricted securities, making it easier for 
shareholders in small manufacturing firms to put their securities on the market 
sooner and hopefully reducing the discount that small businesses must absorb to 
sell restricted securities. 

• Giving issuers the benefit of a new, limited offering exemption from Securities Act 
registration requirements for offerings and sales of securities to a newly defined 
category of "qualified purchasers" in which limited advertising would be permitted. 

• Eliminating the limit on the number of employees who can receive stock options 
from private firms, improving the ability of manufacturing companies to attract and 
retain talent without prematurely triggering the public registration and reporting 
requirements of the Exchange Act. 

• Providing a simplified system of disclosure for almost 1,600 additional smaller
public companies, an increase of over 45% in the number of small companies that 
are currently eligible. 

3. Developing Cost-Effective Procedures for Internal Controls Reporting 
The Small Business Administration's Office of Advocacy recently sent a letter
to the SEC and the PCAOB regarding the Section 404 internal controls
requirements currently being finalized. The letter states that "based on small
business comments, Advocacy believes that the Section 404 requirements may
still impose large and disproportionate costs on small public companies after
these proposals are finalized." The Office of Advocacy also asserts that these
new requirements may reduce "the ability of a new generation of small, 
innovative companies from seeking capital in the U.S. capital markets." Please 
discuss the Office of Advocacy's assessment of the impact of the pending rules. 
Do the SEC and the PCAOB agree with this assessment? How can the SEC's 
and the PCAOB's final rules mitigate potential disproportionate costs on small 
public companies? Should non-accelerated filers be exempted from Section 404 
requirements as the Office of Advocacy recommends? 

ANSWER: 

The requirements to which the Office of Advocacy refers are, of course, those of Section 
404 of the Sarbanes-Oxley Act, which is a congressional mandate that contains no
exemption for small businesses (nor any express exemptive authority for the SEC). Since 
we lack exemptive authority, we have only been able to defer implementation for smaller 
companies - and we have done so four times, most recently deferring the audit 
requirement until 2009. Consistent with our legislative mandate, the Commission is 
working diligently to make implementation for all issuers, including eventually smaller
public companies, as efficient and effective as possible. 

It is, of course, up to Congress, not the SEC, to consider amending the statute to exempt 
non-accelerated filers from Section 404. We think improvements in the financial 
reporting process for all companies are important for promoting investor confidence in 
our markets.' By including Section 404 in the Sarbanes-Oxley Act, Congress focused on 
internal control over financial reporting as a critical factor in reducing the occurrence of 
fraudulent financial reporting, and contributing to the integrity of the financial reporting 
process. A 1999 report commissioned by the organizations that sponsored the Treadway 
Commission presented evidence to suggest that the incidence of financial fraud was 
greater in small companies.* As you know, the primary goal of the Sarbanes-Oxley Act 
is to enhance the quality of reporting and increase investor confidence in the fairness and 
integrity of the securities markets. Congress should consider the impact an exemption 
from the requirements to evaluate, and report on, those internal controls for small entities 
would have on investor confidence in small entities and those entities’ access to capital in 
the public markets. 


' Commenters on the Exposure Draft of the Final Report of the Advisory Committee on Smaller
Public Companies to the U.S. Securities and Exchange Commission (Mar. 3, 2006), available at
[URL illegible], expressed similar views.

* See Beasley, Carcello and Hermanson, Fraudulent Financial Reporting: 1987-1997, An Analysis
of U.S. Public Companies (Mar. 1999) (study commissioned by the Committee of Sponsoring
Organizations of the Treadway Commission).





The SEC's new Interpretive Guidance is focused on how a small company might
approach 404 differently, and more efficiently, than a large company. For example: 

• A smaller company would probably follow fewer and different steps in evaluating 
whether its controls will provide reasonable assurance about the reliability of its 
financial reports. 

• Management in a smaller company can go about obtaining information on
whether its controls operate as designed in different and less elaborate ways than
would be necessary in a large company.

• The documentation needed to provide reasonable support for a smaller company's 
controls will normally be less than what's required in a larger company.


4. Sarbanes-Oxley and Executive Compensation.

Do Sarbanes-Oxley's requirements reduce companies' ability to manipulate
executive compensation?

ANSWER: 

Yes. The Sarbanes-Oxley Act has had a positive and remedial impact on companies' 
executive compensation practices, most notably in one important respect: Sarbanes-
Oxley and the Commission’s related rulemaking have considerably lessened the 
opportunity for companies and their officers and directors to improperly manipulate the 
date on which stock option awards are granted and/or exercised. 

Before Sarbanes-Oxley, officers and directors were not required to contemporaneously 
disclose their receipt of stock option grants or exercise of their stock options. In many
cases, the disclosure of this information (via a Form 5 filed by the company) was not
required until after the end of the fiscal year in which the transaction took place. This
delay in reporting provided the opportunity for companies to misrepresent the date of an
option award to make it appear that the option was granted at an earlier date - and at a
lower price - than when the award was actually made. The intent of backdating option
grants is to allow the option recipient potentially to realize larger eventual gains, but still
characterize the options as having been granted “at-the-money” - disguising the fact that
the company actually granted the options “in-the-money.” In this way, companies were
able to give the option recipient a larger “upside” benefit while at the same time
minimizing the compensation expense of the award to the company.

Sarbanes-Oxley made these kinds of abusive practices much harder to conceal by 
requiring real-time disclosure of option grants and option exercises. Following the 
mandate provided by Section 403 of the Sarbanes-Oxley Act, the Commission in August 
2002 revised its rules governing ownership reports by company insiders to require that 
officers and directors disclose any transactions in their companies’ equity securities 
within two business days. Not only must option grants now be reported within two
business days, but this information is required to be filed electronically through the
Commission’s EDGAR filing system. This allows the public almost instant access to
information about stock option grants. The need to report option grants no later than two 
days after the event, combined with the enhanced transparency of electronic filing, makes 
it prohibitively more difficult for companies to manipulate the grant date of option 
awards. 

In addition to Sarbanes-Oxley, last year the Commission independently adopted 
comprehensive revisions to its rules governing the disclosure of executive and director 
compensation, requiring public companies to more thoroughly disclose their 
compensation awards, policies, and procedures. The improved clarity and transparency 
of compensation disclosures that these rules require may also have a significant impact 
on companies’ ability to manipulate executive compensation. 

Are practices like spring-loading stock option grants an indicator that
companies are finding new ways to get around the requirements that govern
executive compensation in Sarbanes-Oxley and the tax code?

ANSWER:

We do not believe that practices like “spring-loading” of stock option grants are 
necessarily an indicator that companies are finding new ways to get around the 
requirements that govern executive compensation. These timing practices have occurred 
prior to, and irrespective of, the requirements of Sarbanes-Oxley and there is evidence 
that abuses in this area have significantly diminished since the enactment of
Sarbanes-Oxley.

What else should the government do to reduce the manipulation of the rules 
governing executive compensation? 


ANSWER:


The new executive compensation disclosure rules are only now taking effect. In the
current proxy season, companies are still filing their first disclosures under the new rules.
The Commission staff is in the process of reviewing the executive compensation
disclosure of several hundred companies who have filed their annual proxy statements 
thus far. The staff intends to publish a report summarizing its review of this disclosure 
before the end of the year, but we think it is premature at this point to make any 
overarching statements or judgments about the disclosures. 

Before the Commission makes any recommendations on additional governmental action, 
the Commission must evaluate the results of its ongoing executive compensation reviews. 





Questions for SEC Chairman Cox from Senator Pryor 

1. Various observers have cited the current internal control
requirements as a factor in the marked decrease in domestic 
initial public offerings (IPOs) in recent years. For example, 
Senator Schumer has raised these kinds of concerns. Can you 
comment on this assertion and the extent to which the new 
initiatives regarding Section 404 might or might not have an 
impact in this vital area? 


ANSWER:


While some high profile foreign IPOs no longer list in the U.S., a steady stream of
foreign companies continue to tap the U.S. markets. In fact, according to Thomson
Financial, this year is on pace to add the most foreign listings on U.S. exchanges since
1997. It was also recently reported that foreign companies accounted for 23.4% of IPO 
proceeds last year - the highest amount since 1994. 

On December 15, 2006, the Commission adopted amendments to its rules granting relief
from the Section 404 requirements for companies that are new to Exchange Act 
reporting. The final rules provide all newly public companies with a transition period that 
relieves them from having to comply with the Section 404 requirements in the first 
annual report that they file after becoming an Exchange Act reporting company. The 
transition period applies to a company that has become public through an initial public 
offering (equity or debt) or a registered exchange offer or that otherwise has become 
subject to the Exchange Act reporting requirements. It also includes a foreign private 
issuer that is listing on a U.S. exchange for the first time. The transition period is
intended to permit newly public companies to concentrate on their initial securities
offerings, in cases where they become subject to Exchange Act reporting as a result of
such an offering, and to prepare for their first annual report without the additional burden
of having to comply with the Section 404 requirements at the same time. These
amendments became effective in February of this year and are expected to minimize the 
need for companies to make a substantial investment of time and money to prepare for 
Section 404 compliance before they become public companies. 

The Commission's publication of interpretive guidance on how management can conduct 
an evaluation of internal control over financial reporting, and the PCAOB’s revisions to
the Auditing Standard on internal control are designed to improve implementation of the 
Section 404 reporting requirements for all companies. We expect that these 
improvements in implementation will be viewed favorably by companies determining 
whether to undertake an initial public offering in the United States. 





2. A number of organizations like the American Bankers 
Association have raised concerns about the non-accelerated 
filers; the smaller publicly held companies with less than $75 
million worth of outstanding shares who are scheduled to 
comply with the section in the fall of this year. They are 
concerned that the management of such firms will be 
faced with the vexing problem of deciding on whether to apply 
current SEC and PCAOB guidance on Section 404, or to wait 
until the new auditing standards and guidance are adopted in 
their final forms, when they make their 2007 annual reports. 
Would you please comment on this issue? 


ANSWER:

I am pleased to report that the Commission has already approved new guidance for
management and a new standard for auditors to reduce the cost and improve the quality
of compliance with Section 404. Companies are already making use of this guidance in
preparing their 2007 annual reports, which for calendar year filers will be due in the
spring of 2008.

For non-accelerated filers, their first annual reports with internal control audit
assessments will not be due until 2009.


3. There is some research that has found that on average, firms 
with material weaknesses tend to be both smaller and worse 
financial performers than their industry counterparts. Would you 
please comment on the impact that the new developments in 
auditing standards and guidance could have on the issue of 
material weakness and smaller firms? 


ANSWER:

As you note, there is some evidence to suggest that smaller companies tend to have a
higher rate of material weaknesses.’ The data also shows that for companies that are
already complying with our rules implementing Section 404, there is a decline in the
number of companies that are reporting material weaknesses each year and, on average, a
lower number of material weaknesses being disclosed for each company reporting
material weaknesses in each year.* This data suggests that Section 404 and the
requirements of our rules result in focus by management to remediate internal control
deficiencies, thus improving their internal controls.


’ According to Audit Analytics’ data, 12% of filers with market capitalizations of less than $75 million
reported ineffective ICFR and only 6% of filers with market capitalization of $75 million or greater
reported ineffective ICFR.

* According to Audit Analytics’ data, 16% of all companies filing 404 reports in year 1 reported, on
average, 2.56 material weaknesses. In year 2, 11% of all filers reported, on average, 2.35 material
weaknesses. In year 3, as of May 31, 2007, 7% of all filers have reported, on average, 2.09 material
weaknesses.




Questions for the Record from Senator Enzi 

Senate Committee on Small Business and Entrepreneurship Hearing on:

"Sarbanes-Oxley and Small Business: Addressing Proposed Regulatory Changes
and their Impact on Capital Markets"


PANEL I 


Questions for Chairman Cox: 

1) Among all accelerated filers now compliant with Section 404 of the Sarbanes-
Oxley Act, approximately what percentage of their costs are attributed to
management's evaluations of a company's internal controls? What percentage is 
attributed to the external audit? 


ANSWER: 


Over the past three years, the Commission has received various estimates of Section 404
compliance costs, primarily in connection with our April 2005 and May 2006
Roundtables on Internal Control Reporting and Auditing Provisions. These estimates
were obtained from surveys of companies with public float of over $75 million. The
most recent of these historical estimates of the early compliance costs incurred by the
relatively larger companies indicate that costs ranged from $860,000 to $5.4 million per
company, depending on the survey.’ While the survey results attempted to disaggregate
the costs to management from those of the audits, it is our experience that because there
was no guidance for management to use in performing its responsibilities under Section
404, the old and costly audit standard drove management’s behavior as well. For this
reason, the reported amounts attributed to management versus the external audit are
likely not representative of the underlying source of costs.^


’ See, for example, Financial Executives International Survey on Sarbanes-Oxley Section 404
Implementation (March, 2006) (“FEI Survey”) and CRA International Sarbanes-Oxley Section 404 Costs
and Implementation Issues: Spring 2006 Survey Update (“CRA Survey”).

^ The surveys indicated that audit fees comprised approximately 33% to 39% of total costs of compliance,
with smaller companies at the higher end of that range.


1A) Have filer costs decreased in the four years of accelerated filer audits? If
so, what do you attribute this cost reduction to?

ANSWER:

The Commission has received estimates of Section 404 compliance costs, primarily in
connection with our April 2005 and May 2006 Roundtables on Internal Control
Reporting and Auditing Provisions. These surveys indicate that the cost of compliance
with the Section 404 requirements has decreased from year one to year two.’ For
example, one survey indicated that average management costs fell 22.7% and audit fees
fell 13% from year one to year two.’ Another survey indicated that the average total cost
of compliance in year two decreased 30.7% and 43.9%, respectively, for smaller and
larger companies.’ Additionally, we have reason to believe that costs of compliance
decreased again for year three.

These surveys indicated that the decrease in compliance costs is attributable to a number
of factors, including: reduced time to update documentation and testing in periods after
the initial year; reduced reliance by management on external consultants to assist
management in completing its evaluation; and more effective and efficient evaluation
efforts by both management and the auditor after the initial year.


2) I remain very concerned about the effect of federal regulation on the cost of 
capital formation in the U.S. markets. There has been a lot of attention paid recently 
to the perceived flight of capital away from the United States to foreign markets.
Have initial public offerings on American exchanges decreased since the passage of
Sarbanes-Oxley in 2002? Has there been a decrease in foreign companies seeking a
listing on American exchanges during this time?

ANSWER:


At the SEC, we recognize that our capital markets are changing at an accelerating pace
and that we are living in a very dynamic and competitive global marketplace. There are
more opportunities to raise money and deeper, more varied pools of capital than ever
before. So while the United States has the leading position in the world and the biggest
markets and the deepest and most liquid markets - that is not a birth right. We have to
constantly earn it. That is true for our private sector and it is true for our regulatory
system. As regulators, we must constantly work to sharpen our competitive edge as well. 

While some high profile foreign IPOs no longer list in the U.S., a steady stream of 
foreign companies continue to tap the U.S. markets. In fact, according to Thomson 
Financial, this year is on pace to add the most foreign listings on U.S. exchanges since 
1997. It was also recently reported that foreign companies accounted for 23.4% of IPO 
proceeds last year - the highest amount since 1994. 


’ For purposes of this response, the Commission has focused on surveys that were received from
commenters in multiple years, in order to ensure comparability from year-to-year. Therefore, we have not
included in our response data received on costs of compliance for surveys that were only performed in the
initial year of compliance.

* FEI Survey: Sarbanes-Oxley Compliance Costs are Dropping (April 6, 2006).

“ CRA Survey

' While no cost surveys were submitted to the Commission, the Commission staff is aware that FEI
updated their cost survey in May 2007. The press release regarding the availability of the survey indicated
that the average costs of compliance for year three was 23% less than the corresponding year two costs.
May 16, 2007 News Release.





Available data on initial public offerings (“IPOs”) and new foreign listings since the
passage of the Sarbanes-Oxley Act are provided below:


Year    Number of IPOs    Amount of IPOs     Number of New Foreign Listings
                          (Billions of $)    NYSE        Nasdaq

2001    [missing]         37.9               51          6
2002    98                26.4               33          6
2003    88                18.6               16          5
2004    [missing]         51.9               20          19
2005    221               39.1               19          38
2006    236               49.9               29          26


Sources: PricewaterhouseCoopers, US IPO Watch: 2006 Analysis and Trends; NYSE and Nasdaq


3) A large degree of efficiency can be gained in tailoring internal control 
frameworks for small companies. How has the SEC focused its efforts in this 
regard? How much scalability will be allowed for small companies preparing their 
internal control framework for an external audit? 

ANSWER:

We agree that a large degree of efficiency can be gained in tailoring internal control
frameworks for small companies. The SEC’s Interpretive Guidance recognizes that
smaller public companies generally have less complex internal control systems than
larger public companies." The Interpretive Guidance is intended to assist management
of smaller public companies in scaling and tailoring their evaluation methods and
procedures to fit the facts and circumstances in ways that may not be appropriate for
larger companies with more complex internal controls systems.

The Interpretive Guidance is intended to allow management appropriate flexibility to
design an evaluation process that is right for each particular company. Smaller public
companies can use this guidance to scale and tailor their evaluation methods and
procedures to fit their own facts and circumstances. We are encouraging smaller public
companies to take advantage of the flexibility and scalability afforded in the new
guidance to conduct an evaluation of internal controls that is both efficient and effective
at identifying material weaknesses.

In order to help smaller companies better understand how they can tailor their evaluation
efforts, the guidance specifically highlights some of the key areas where the evaluation at
a smaller company might be different and less costly than for a larger company. For
example, three key points within the evaluation process are the overall determination of
effectiveness of the design of controls, the testing of the operating effectiveness, and the
documentation needed to sufficiently support both. The Interpretive Guidance includes
guidance on each of those points, indicating how a smaller company may accomplish
those requirements of the evaluation process.


" Final Report of the Advisory Committee on Smaller Public Companies to the United States
Securities and Exchange Commission (Apr. 23, 2006) at 39-40 (“Advisory Committee Report”),
available at [URL illegible].

The guidance also explains other ways that a small company might approach 404
differently than a large company. For example:

• A smaller company would probably follow fewer and different steps in evaluating
whether its controls will provide reasonable assurance about the reliability of its
financial reports.

• Management in a smaller company can go about obtaining information on
whether its controls operate as designed in different and less elaborate ways than 
would be necessary in a large company. 

• The documentation needed to provide reasonable support for a smaller company's 
controls will normally be less than what's required in a larger company. 


3A) Are you confident that these changes will decrease the costs of
implementation?


ANSWER: 

Yes. Based upon feedback that we've received through the public comment process we
believe that the rule changes and the interpretive guidance, combined with the revised 
auditing standard, should enable companies to complete their annual evaluations in a 
more efficient and effective manner. 





Responses by PCAOB Chairman Olson to Questions from Chairman Kerry 

Responses to U.S. Senate Small Business Committee’s Questions for the Record May 29,
2007, Questions from Chairman Kerry

Question 1: Lessons learned through Sarbanes-Oxley implementation. Currently 50% of
public companies have had three years experience to implement Section 404 of Sarbanes-
Oxley. During this time, these companies have seen costs come down significantly as
much as half of the amount of the first year costs. To what factors do we owe this cost 
phenomenon? What lessons have we learned? How can this information benefit the other 
50% of public companies including smaller public companies that are gearing up to 
comply? What are the first year challenges for small public companies when they comply 
with the law? 

Response to Question 1:

The Public Company Accounting Oversight Board (“the PCAOB” or “the Board”) has 
observed reports that the costs of providing the investing public audited assessments of 
the effectiveness of companies' internal control have come down since the first year of 
implementation of the Sarbanes-Oxley Act of 2002’s (“the Act”) internal control 
requirements. Through the Board’s monitoring of the implementation of its auditing 
standard on internal control, Auditing Standard No. 2 (“AS No. 2”), the Board has 
identified and from time to time reported on certain areas that posed challenges to 
companies and auditors in the first year of implementation. Specifically, the Board found 
that, in the first year of implementation of AS No. 2, both issuers and auditing firms 
faced challenges arising from the limited time period surrounding the Act’s passage, the 
adoption of implementing rules, and the time that issuers and auditors had to initially 
implement Section 404; a shortage of staff with prior training and experience in 
designing, evaluating, and testing controls; and related strains of available resources. 
These challenges were compounded at those companies that needed to make significant 
improvements in their internal control systems to make up for deferred maintenance of 
those systems. In addition, the Board found that firms could improve the efficiency of
their internal control audits by, among other things, (1) integrating more fully the audit of
internal control with the audit of the financial statements; (2) using a top-down approach
to testing controls; (3) altering the nature, timing, and extent of their testing to reflect the 
level of risk; and (4) increasing their use of the work of others to the extent permitted by 
the auditing standard. After monitoring the second year of auditing firms’ 
implementation, the Board noted certain progress in improving the efficiency of internal 
control audits. The Board found that many of these improvements resulted from, among 
other things, issuers' and auditors’ additional experience and changes that auditors made 
in their methodologies and staff training, in many cases in response to PCAOB 
guidance.’ 


1 For a more detailed analysis of the Board's findings regarding the first two years of the implementation of AS No. 2, see
PCAOB Release No. 2005-023, Report on the Initial Implementation of AS No. 2, An Audit of Internal Control Over
Financial Reporting Performed in Conjunction with an Audit of Financial Statements (November 30, 2005), and PCAOB
Release No. 2007-004, Report on the Second-Year Implementation of AS No. 2, An Audit of Internal Control Over Financial
Reporting Performed in Conjunction with an Audit of Financial Statements (April 18, 2007), both of which can be found on
the PCAOB website at www.pcaobus.org.





Some smaller companies and their auditors may face these same challenges in their first 
years of compliance with Section 404. The Board has, however, taken several steps to 
assist auditors in meeting those challenges. Most importantly, the Board last month 
adopted Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting 
That Is Integrated With An Audit of Financial Statements (“AS No. 5”), which, if 
approved by the SEC, will replace AS No. 2. AS No. 5 focuses auditors on the most 
important matters in the audit of internal control over financial reporting and eliminates 
procedures that the Board believes are unnecessary to an effective audit of internal 
control. Through the new standard, the Board has sought to make the internal control 
audit more clearly scalable for smaller and less complex public companies and to make 
the text of the standard easier to understand. The Board also has announced that it will 
provide guidance on auditing internal control in smaller companies later this year. 

Finally, the Board is committed to promoting proper implementation of the new standard 
through, among other things, its inspections and the Board’s Forums on Auditing in the 
Small Business Environment.

Question 2: Available tools for helping small businesses with compliance. 
What tools are available currently to aid smaller public companies as they 
gear up to comply with Section 404? Please describe the PCAOB's small 
business guide as well as other tools that might be out there that you believe 
might be particularly useful.

Response to Question 2: 

The PCAOB is taking several steps to assist small public companies to comply with 
Section 404. First, as discussed in more detail in the response to Question 3, AS No. 5 
provides examples of common differences in internal control in larger, more complex 
companies and smaller, less complex public companies. The Board believes that smaller 
public companies will benefit from the scaling concepts that are incorporated throughout 
the standard. These provisions will be reinforced by guidance on auditing internal control 
in smaller companies that the Board plans to issue later this year. The implementation 
guidance will assist auditors in applying the principles in AS No. 5 in the context of an 
audit of a smaller company. Representatives from firms who audit smaller companies are 
actively participating in this project to develop implementation guidance. Also, the Board 
will continue its outreach to small firms and issuers through its Forums on Auditing in 
the Small Business Environment held each year throughout the country. In addition, after 
three years of experience with internal control audits, firms and professional associations 
have developed various implementation guides; the Board expects these efforts to 
continue. 

Further, the following tools related to the design and evaluation of internal control 
systems are also available to small businesses: 

On May 23, 2007, the SEC approved interpretive guidance for management regarding its 
evaluation and assessment of internal control over financial reporting. The SEC has noted 
that the new guidance will help public companies strengthen their internal control over 
financial reporting while reducing unnecessary costs, particularly at smaller companies. 





The Committee of Sponsoring Organizations for the Treadway Commission (COSO) in 
1992 issued Internal Control - Integrated Framework to help businesses assess and
improve their internal control systems. In June 2006, COSO issued guidance for smaller 
public companies on using the Framework to design and implement cost-effective 
internal control over financial reporting. 

Question 3: PCAOB efforts on behalf of small auditing companies. Smaller 
companies are likely to be audited by smaller audit firms, almost 800 of 
whom are registered with the PCAOB. What is PCAOB doing to assist the 
smaller audit firms when it comes to their readiness and ability to carry out
their audit responsibilities in both an efficient and effective way? 

Response to Question 3: 

The Board recognizes the challenges that smaller audit firms face in implementing a 
significant new auditing standard, especially those firms that have not yet performed 
audits of internal control, and the Board has already begun providing assistance to these 
firms. First, the newly adopted AS No. 5 allows auditors to tailor their audit approach to 
the facts and circumstances including size and complexity of any company, large or 
small. Throughout its text, AS No. 5 incorporates principles related to ways in which 
audits of smaller, less complex companies may differ from those of larger and more 
complex ones. These provisions will be reinforced by guidance on auditing internal 
control in smaller companies that the Board plans to provide later this year. Further, the 
Board will continue its outreach across the country to small firms and companies through 
its Forums on Auditing in the Small Business Environment. The Board will hold eight 
such forums during 2007. The Board believes that these efforts should help smaller firms 
perform high quality, efficient audits. 





Responses by PCAOB Chairman Olson to Questions from Senator Snowe 
May 29, 2007. Questions From Senator Snowe 

Question 1: Sarbanes-Oxley Safe Harbor for Accountants. What is the PCAOB’s view of 
establishing damage limits or specific safe harbor measures for audit firms? Would a 
safe harbor for auditors benefit small firms or reduce their audit costs? If safe harbors 
for audit firms are appropriate, how should they be structured? What other steps, in 
addition to safe harbors, could policy makers take to ensure the viability of a vibrant and 
competitive audit industry on which investors can rely? 

Response to Question 1: 

The mandate of the PCAOB is to oversee the auditors of public companies in order to 
protect the interests of investors and further the public interest in the preparation of 
informative, accurate, and independent audit reports. To fulfill this mandate, Congress 
gave the PCAOB the power, among others, to establish auditing and other professional 
practice standards. This authority does not extend, however, to the establishment of limits 
on private liability, which is outside of the Board’s purview. We note that the Treasury 
Department recently announced the formation of an advisory committee to study, among 
other things, options available to strengthen the auditing profession’s financial soundness. 

The Board agrees that a vibrant and competitive audit profession enhances audit quality, 
and has observed first-hand how some small firms distinguish themselves professionally 
and competitively by performing high-quality audits. The Board’s supervisory approach 
to its inspections, which includes an active dialogue between Board staff and the firm, 
helps those firms that want to improve the quality of their audits and their ability to 
compete for public company audit clients. 

Question 2: International Competition and Sarbanes-Oxley. With increasing 
international competitiveness and the strong rise of foreign markets, how should 
Sarbanes-Oxley be further reformed to help American small businesses remain 
competitive in the global marketplace? How can the SEC and the PCAOB prevent 
outsourcing in the financial services sector to avoid repeating what happened in the U.S. 
manufacturing sector? 

Response to Question 2: 

The issue of competitiveness has been at the forefront of financial policy debate recently 
and has spurred the release of several reports on the subject. Some of these reports have 
suggested that the U.S. regulatory structure, approach, and requirements present 
challenges to the competitiveness of U.S. capital markets. Others have indicated that the 
U.S. regulatory system, and in particular the U.S. investor protection regime, serves as 
the foundation of our markets’ strength and success. In any event, though, given the 
global nature of our market place and the potential for unnecessary burden, it is essential 
that financial regulators, including the PCAOB, work to effectively carry out their 
mandates while being mindful of the importance of eliminating compliance costs that are 
unnecessary to achieve the intended benefits of our system. Based on this challenge, the 
PCAOB routinely monitors its requirements and their implementation. With regard to 
Section 404 of the Act and the newly adopted AS No. 5, effective implementation of the 
new standard is a priority of the Board and will include a number of interwoven 
initiatives, ranging from outreach to inspections. The market will bear out how the new 
standard affects overall audit costs, but in revising its standard, the PCAOB has been 
committed to providing for a quality audit that is tailored to the unique attributes of a 
given company. While the Board has not observed a significant trend toward the 
outsourcing of audits, the Board will continue to monitor its registrants’ business 
practices as they relate to audits of public companies. 

Question 3: Manufacturing. Maine's manufacturing sector has been decimated over the 
last decade. More than 20,700 manufacturing jobs in Maine have disappeared between 
August 2000 and August 2006. What can the SEC and PCAOB do to promote the growth 
and strength of the U.S. manufacturing sector and manufacturing jobs? 

Response to Question 3: 

The Board's work to oversee the auditors of public companies protects the interests of 
investors and furthers the public interest in the preparation of informative, accurate, and 
independent audit reports. The Board believes that sound financial reporting enhances the 
overall health of the U.S. capital markets and economy. Moreover, as described in detail 
above in the answer to Question 2, due to the global nature of our market place and the 
potential for unnecessary burden, the Board works to effectively carry out its mandates 
while being mindful of the need to eliminate unnecessary costs. 

Question 4: Developing Cost-Effective Procedures for Internal Controls Reporting. The 
Small Business Administration's Office of Advocacy recently sent a letter to the SEC and 
PCAOB regarding the Section 404 internal controls requirements currently being 
finalized. The letter states that “based on small business comments, Advocacy believes 
that the Section 404 requirements may still impose large and disproportionate costs on 
small public companies after these proposals are finalized.” The Office of Advocacy also 
asserts that these new requirements may reduce “the ability of a new generation of small, 
innovative companies from seeking capital in the U.S. capital markets.” Please discuss 
the Office of Advocacy’s assessment of the impact of the pending rules. Do the SEC and 
the PCAOB agree with this assessment? How can the SEC's and PCAOB’s final rules 
mitigate potential disproportionate costs on small public companies? Should 
non-accelerated filers be exempted from Section 404 requirements as the Office of Advocacy 
recommends? 

Response to Question 4: 

In formulating a final standard, the Board paid particular attention to the concerns of 
smaller companies and their auditors, including those concerns included in the letter from 
the SBA's Office of Advocacy. The Board believes that its final standard appropriately 
emphasizes differences in internal control between small and large companies. 
Specifically, to help auditors identify opportunities to tailor the audit to the size and 
complexity of the company, AS No. 5 incorporates a list of attributes of smaller, less 
complex companies and notes that a less complex company might achieve its control 
objectives differently than a more complex one. Throughout the standard, notes to 
particular audit requirements provide principles related to tailoring the requirement to the 
specific circumstances of a smaller, less complex company or business unit. The Board 
believes that an effective system of internal control is critical to protecting the interests of 
investors at any public company, regardless of its size. Whether certain companies should 
be exempted from the requirements of Section 404, however, is beyond the Board’s 
purview. Rather, the Board’s responsibility is to provide a standard that results in an 
effective audit for all companies required by the SEC to obtain an audit of internal 
control. 

Question 5: Sarbanes-Oxley and Executive Compensation. Do Sarbanes-Oxley’s 
requirements reduce companies' ability to manipulate executive compensation? Are 
practices like spring-loading stock option grants an indicator that companies are finding 
new ways to get around the requirements that govern executive compensation in 
Sarbanes-Oxley and the tax code? What else should the government do to reduce the 
manipulation of the rules governing executive compensation? 

Response to Question 5: 

The Act appears to have significantly reduced the incidence of backdated option grants. 
Specifically, the SEC’s rules implementing Section 403 of the Act require public 
company officers and directors to report their receipt of stock options within two business 
days of the grant. Previously, such persons were generally not required to report option 
grants until 45 days after the fiscal year in which they were received. Given the new 
filing requirement, the ability to backdate option grants to coincide with low stock prices 
is greatly curtailed. 

The PCAOB does not regulate accounting or disclosures by public companies, nor does it 
administer the corporate governance requirements imposed on public companies by the 
Act. Rather, the PCAOB’s role is to enhance the quality of the audits of public 
companies' financial statements. Towards that end, in July 2006, the PCAOB issued Staff 
Audit Practice Alert No. 1, Matters Related to Timing and Accounting for Option Grants. 
The Practice Alert advised auditors that backdating options grants and similar practices 
may have implications for audits of financial statements or of internal control over 
financial reporting and discussed factors that may be relevant in assessing the risks 
related to these matters. In addition, we note that the SEC has recently taken action in the 
area of executive compensation, including through its rulemaking on executive 
compensation disclosure. 





Responses by PCAOB Chairman Olson to Questions from Senator Pryor 
May 29, 2007. Questions from Senator Pryor 

Question 1: You state in your written testimony that the Board received thoughtful 
comments on its proposed revisions to the auditing standard on internal control. What 
were the principal concerns expressed in these comments? 

Response to Question 1: 

The Board received 175 letters on its proposals. On the whole, these comments expressed 
support for the direction of the Board’s proposal. The comments helped the Board to 
refine the proposed standard to provide additional clarity and to further help the auditor to 
focus on the most important matters in auditing the internal control over financial 
reporting. The Board’s adopting release for AS No. 5, dated May 24, 2007, describes the 
comments received on the proposals, as well as the Board’s response. As discussed in the 
Board's release, the comments covered a wide range of issues, from alignment between 
the PCAOB standard and SEC management guidance, to various aspects of performing 
the ICFR audit, to implementation of the new standard.* 

Question 2: In developing the proposed revision to its auditing standard on internal 
control, did the Board attempt to estimate the extent to which audit costs would be 
reduced for small companies? For example, might costs be reduced by a third? 

Response to Question 2: 

AS No. 5 reflects the Board’s monitoring of registered firms’ implementation of AS No. 
2 over two reporting seasons. The Board’s monitoring included gathering information 
during inspections of registered public accounting firms; participating, along with the 
SEC, in two roundtable discussions with representatives of issuers, auditors, investor 
groups, and others; meeting with its Standing Advisory Group; receiving feedback from 
participants in the Board's Forums on Auditing in the Small Business Environment; and 
reviewing academic, government, and other reports and studies. Based on this 
monitoring, the Board believes that in many cases the new standard will result in a 
reduction in audit effort, as compared to the audits currently performed under AS No. 2. 
The Board has not, however, attempted to quantify the extent to which audit costs would 
be reduced for small companies. 

In proposing AS No. 5, the Board noted that it had heard a consistent message that 
compliance with the internal control provisions of the Act had required greater effort and 
resulted in higher costs than expected. The Board decided to revise its standard, in part, 
because it agreed that its standard should not require auditors to perform procedures that 
are not necessary to achieve the intended benefits of the internal control audit. 
Accordingly, the Board specifically sought comment on whether and how much the 
proposed revisions to AS No. 2 would reduce audit hours. While commenters did not 
provide such estimates, in adopting its revised standard, the Board sought to eliminate 
unnecessary procedures and make the audit scalable for companies of all sizes. Finally, as 
part of its approval process, the SEC has requested comment on, among other things, 
whether AS No. 5 will “reduce expected audit costs under Section 404, particularly for 
smaller companies, to result in cost-effective, integrated audits.” 

* For a more detailed discussion of the comment letters received by the Board, see PCAOB Release No. 
2007-005, AS No. 5, An Audit of Internal Control Over Financial Reporting That is Integrated With an 
Audit of Financial Statements, and Related Independence Rule and Conforming Amendments (May 24, 
2007), which can be found on the PCAOB website at www.pcaobus.org. 

Question 3: The proposed revision to the auditing standard on internal control places 
greater emphasis on auditors' judgment in designing and carrying out audits. But does 
this not expose auditors to more risk of adverse findings in Board inspections? What 
steps will the Board take to ensure that auditors will not constantly be “second guessed” 
in their judgments? 

Response to Question 3: 

The Board is aware of the importance of its inspections program to the successful 
implementation of a principles-based standard, such as AS No. 5, that requires the use of 
professional judgment. PCAOB inspections of registered firms are designed to assess the 
level of compliance of the firm with the Board’s and the SEC’s rules, as well as with 
auditing and other professional standards. In doing so, the Board makes every attempt to 
ensure that inspectors do not substitute their own judgment for that of the auditors. 

The Board believes that the consistent and thoughtful implementation of AS No. 5 is 
critical to its success. AS No. 5 provides auditors with the flexibility to apply the standard 
in a manner that is appropriate to each audit. The Board is committed to effective 
monitoring of firms’ compliance with the new standard and, as it announced upon 
adoption of the new standard, intends to adjust and implement its inspection program to 
be consistent with the new standard. 

Question 4: The Board and the SEC are publicly committed to aligning the two sets of 
guidance that they will finalize regarding internal control. But do not auditing (which 
attempts to protect investors) and management (which is concerned about operational 
efficiency) ultimately have conflicting objectives? How can there be an alignment of 
guidance that strikes appropriate balance in all circumstances? 

Response to Question 4: 

In formulating a new standard on auditing internal control, the Board has been mindful of 
the inherent differences in the roles and responsibilities of management and the auditor. 
Because of these differences, two separate regulatory requirements exist: AS No. 5, 
formulated by the Board for auditors, and SEC management guidance for issuers’ 
management. At the same time, the Board believes that the general concepts necessary 
for an understanding of internal control should be described in the same way in the 
Board's standard on an audit of internal control and in the SEC’s management guidance. 
The Board worked closely with the SEC to identify those areas where the direction to 
management and to the auditor needs to be consistent. Accordingly, among other things, 
the Board uses the same key terms and definitions that the SEC uses in its management 
guidance and related rules. 





Responses by PCAOB Chairman Olson to Questions from Senator Enzi 
May 29, 2007. Questions from Senator Enzi: 

Question 1: I filed a comment letter to Chairman Olson in January on the proposed 
changes to the PCAOB guidance for Section 404 audits. In this letter, I stated that the 
scalability of the external audit for smaller companies has a huge potential for cost 
savings. Scalability is crucial because, as the 2006 GAO report noted, smaller companies 
often have more centralized management and less complex processes. These elements can 
help external auditors test internal control frameworks efficiently. Under the PCAOB 
guidance, how will auditors account for the nature of smaller companies in their audits? 
How will your small company audit guide be integrated into the revised auditing 
standard when it is released later this year? 

Response to Question 1: 

AS No. 5 is a principles-based standard that requires the use of professional judgment to 
determine what procedures are necessary under the particular facts and circumstances. 
The standard focuses the auditor on a top-down, risk-based approach and provides 
principles the auditor can apply to scale the audit to fit the size and complexity of a given 
company. These principles will be reinforced by guidance on auditing internal control in 
smaller companies that the Board plans to provide later this year. The guidance is 
intended to provide practical information on how the principles in the standard can be 
applied in the audit of a smaller company and therefore will not be part of the standard 
itself. The guidance and standard will, of course, be closely aligned. 

Question la: How will auditors determine how and when to use their professional 
judgment in scaling audits for small companies? Has the PCAOB provided enough 
guidance for auditors to recognize small companies and feel comfortable using a more 
efficient audit process? 

Response to Question 1a: 

Because the general principles regarding scalability are included directly in AS No. 5 and 
because the Board will be following-up with more detailed guidance on auditing internal 
control in smaller companies later this year, auditors should be more comfortable 
tailoring their audits based on the size and complexity of the company. As mentioned 
above, this guidance is included within the “Scaling the Audit” section of AS No. 5, as 
well as throughout the standard, and additional detail, such as examples, will be included 
in the implementation guidance for auditors of smaller public companies. 

Question 2: In my comment letter, I also touched on the definition of “material 
weakness.” I believe the PCAOB is correct in focusing on this definition, along with that 
of “significant deficiency,” as areas for improvement because uncovering financial 
control deficiencies are central to the work of an auditor. Now that the second year of 
implementation for Auditing Standard No. 2 is complete, how do you understand external 
auditors to be applying the term “more than remote” in today’s audits? 

Response to Question 2: 

As your question notes, the definition of material weakness is central to the scoping and 
conduct of an audit of internal control. After the first year of implementation of AS No. 
2, the Board noted anecdotal claims suggesting that some auditors applied a more 
stringent threshold to the evaluation of control deficiencies than the definitions in AS No. 
2 require. Consequently, the Board provided guidance noting that under AS No. 2, the 
likelihood of an event is “more than remote” when it is either “reasonably possible” or 
“probable.” AS No. 5 incorporates that guidance in the standard itself. Specifically, as 
discussed below, the Board has revised the definition of “material weakness,” including 
replacing the phrase “more than remote” with a “reasonable possibility.” This change 
should drive improvements in the application of the definition, as well as aligning the 
PCAOB's definition of this term with the definition used by the SEC in its management 
guidance. 

Question 2a: Several of the comment letters expressed unease with the new deficiency 
definition, “reasonable possibility.” I am deeply concerned that this new definition may 
not lower audit costs if auditors understand the terms “more than remote” and 
“reasonable possibility” to be the same. Will the PCAOB respond to this concern? How 
will the PCAOB ensure that the new definitions actually cause a positive change in 
auditor behavior? 

Response to Question 2a: 

The Board received a wide range of comments on its proposed definition of “material 
weakness.” Some commenters, as your question notes, suggested that the proposed 
definition would not change how audits are carried out, while a number of other 
commenters believed that the proposed definition would reduce unnecessary effort spent 
on identifying and analyzing deficiencies. Ultimately, the Board decided to adopt the 
definition of material weakness within AS No. 5 substantially as proposed. The Board did 
so in order to align its definition of material weakness with the definition of the same 
term adopted by the SEC in its rules and because the Board believes that “reasonable 
possibility” most accurately and clearly describes those internal control deficiencies that 
auditors should be concerned about during the audit of internal control. The definition is 
based on earlier guidance that noted that the phrase “more than remote” means the same 
thing as “at least reasonably possible.” Although the two phrases describe the same 
threshold, the Board was concerned that auditors were applying the phrase “more than 
remote” to mean something less likely than “a reasonable possibility.” The Board 
believes that use of the phrase “reasonable possibility” will avoid this misunderstanding 
and will result in the appropriate application of the definition of “material weakness.” 

Question 3: As I mentioned in my Committee statement, the GAO report released last 
April mentioned that smaller accounting firms may receive more business as a result of 
more companies becoming Section 404 compliant. In your discussions with small 
accounting firms and during the PCAOB small auditor forums, do you believe these firms 
are adequately preparing to conduct 404 audits? If so, how are they preparing? 

Response to Question 3: 

The Board has observed smaller firms preparing to perform integrated audits in several 
ways. As your question notes, many smaller firms have participated in the PCAOB’s 
Forums on Auditing in the Small Business Environment. The PCAOB established this 
program in November of 2004 and continued it in 2005 in ten cities across the United 
States. The forums were extremely well received; the Board continued offering the 
program in eight cities in 2006. The Board will also hold sessions in eight cities this year. 
The forums enable PCAOB staff and Board members to meet directly with 
representatives of small companies and small public accounting firms to discuss how 
PCAOB auditing standards and inspections affect them. The feedback received from 
these forums assists the PCAOB in understanding and considering the unique needs of 
the small business community. 

In addition, smaller firms are actively participating in the PCAOB’s project to provide 
implementation guidance for auditors of smaller public companies and are providing the 
Board with valuable and timely feedback and assistance in developing this guidance. 

Finally, some smaller audit firms have performed engagements under AS No. 2 for some 
of their clients that are accelerated filers, as defined by the Securities and Exchange 
Commission. As a result, they are able to leverage this work and experience as they 
prepare to perform audits under AS No. 5 for accelerated and non-accelerated filers. 

Question 3a: Do you believe that, once external audits are required of smaller 
companies, there will be an adequate number of qualified accounting firms to do the job? 

Response to Question 3a: 

As of May 15, 2007, there were over 1,700 firms registered with the PCAOB, all of 
which may provide audits to public companies. The Board has taken several steps to 
assist these firms with meeting challenges associated with audits of internal control. Most 
importantly, the newly adopted AS No. 5 focuses auditors on the most important matters 
in the audit of internal control over financial reporting and eliminates procedures that the 
Board believes are unnecessary to an effective audit of internal control. Through the new 
standard, the Board has sought to make the internal control audit more clearly scalable 
for smaller and less complex public companies and to make the text of the standard easier 
to understand. In addition, the Board will provide guidance on auditing internal control in 
smaller companies later this year. Finally, the Board is committed to promoting proper 
implementation of the new standard through, among other things, its inspections and the 
Board's Forums on Auditing in the Small Business Environment. 

Question 4: How can larger accounting firms play an advisory role in helping smaller 
firms and companies complete their 404 audits? 

Response to Question 4: 

Many larger accounting firms participate in accounting conferences and provide their 
views and experiences on particular issues. These conferences are held throughout the 
year at various locations around the country, thus enabling accounting firms of all sizes to 
benefit from the information provided. In addition, larger firms often provide training via 
web casts and text materials that are available to the public, which are additional ways for 
smaller firms and companies to obtain training. 





Responses by Richard Wasielewski to Questions from Senator Pryor 

Question 1. You have a copy of the letter sent to SEC Chairman Cox and PCAOB 
Chairman Olson from Senators Kerry and Snowe, as well as the SEC and PCAOB 
responses in the binder. [The referenced letters appear in Appendix Material 
Submitted on pages 126-131.] The SEC response notes that four separate extensions 
have been given to small businesses regarding compliance with Section 404 of the 
Sarbanes-Oxley Act, with the most recent extension granted on December 2006. The 
December 2006 extension said that non-accelerated filers (less than $75 million in 
market cap) had to comply with Section 404(a) providing management’s assertions 
on internal controls for calendar years ending after December 15, 2007, and with 
Section 404(b) external auditor’s internal controls audit for calendar years ending 
after December 15, 2008. 

Given that the SEC granted four extensions in order for small businesses to have 
more time to comply with Sarbanes-Oxley Section 404, what have you been doing 
during this time to get your own company’s internal controls in order? What 
challenges have you found? Have you discussed this with your external auditor? 

Response. [Submitted in a question and answer format as follows:] 

What have you been doing with the extension time? 

Our relatively small finance department continues to spend a disproportionate 
amount of time on increasing regulatory compliance rather than supporting the 
business and operations. When time permits we are implementing internal control 
policies and procedures with clearly defined roles and responsibilities, priority 
management, risk assessment, monitoring, and corrective actions for continued 
improvement according to generally accepted best practices and the latest guidance. We 
have been able to use this time to draft and organize a formal document of our 
internal control policy and procedures. We are currently working on updating this 
document and beginning to develop test plans and tracking of our critical and material 
control points. The final step will be to formalize the management assessment process. 

An additional extension will allow us to continue to build upon our current internal 
control processes without the time and cost pressures of the current deadlines 
and requirements, as well as have a chance to review and incorporate the new SEC 
and PCAOB interpretive audit standard guidance for management assessment and 
auditor reporting. 

What challenges have you found? 

Our challenge continues to be the time required to develop and implement a formal 
and documented internal control process while trying to support our business 
and the increased compliance costs of our audit, consulting and GAAP advising fees 
due to the increased demand for auditor resources. 

Have you discussed this with your external auditor? 

We have as part of our audit committee meetings continued to update our auditor 
on our progress. They are waiting to see what the new guidance will be and to what 
extent we can incorporate into our internal control plans this year given the late 
release date. 

Thank you again for the opportunity to provide additional input to the committee. 


Responses by Joseph Piche to Questions from Senator Pryor 

Question 1. You have a copy of the letter sent to SEC Chairman Cox and PCAOB 
Chairman Olson from Senators Kerry and Snowe, as well as the SEC and PCAOB 
responses in the binder. [The referenced letters appear in Appendix Material 
Submitted on pages 126-131.] The SEC response notes that four separate extensions 
have been given to small businesses regarding compliance with Section 404 of the 
Sarbanes-Oxley Act, with the most recent extension granted on December 2006. The 
December 2006 extension said that non-accelerated filers (less than $75 million in 
market cap) had to comply with Section 404(a) providing management’s assertions 
on internal controls for calendar years ending after December 15, 2007, and with 
Section 404(b) external auditor’s internal controls audit for calendar years ending 
after December 15, 2008. 

Given that the SEC granted four extensions in order for small businesses to have 
more time to comply with Sarbanes-Oxley Section 404, what have you been doing 
during this time to get your own company’s internal controls in order? What 
challenges have you found? Have you discussed this with your external auditor? 





Response. [Mr. Piche’s response to question 1 was not available at the time the 
hearing record was printed.] 

Question 2. There are intangible effects of Sarbanes-Oxley that impact corporate 
management. The requirements that the CEO and CFO certify their company’s 
financial statements, coupled with the Act’s implicit notion that the directors are 
“gatekeepers” capable of preventing fraud, has focused boards of directors on 
compliance matters instead of corporate strategy; anecdotal evidence suggests that more 
time is spent on compliance in today’s boardrooms than on the business of the 
company. Mr. Piche, in your testimony you mention the increase in the cost of Directors’ 
and Officers’ (D&O) insurance, an increase of 500 percent since the Act’s enactment, 
and that the increased liability imposed by the Act makes it simply not worth the 
risk to serve on a board of directors without insurance. Please explain what other 
impact the Act has on the board. Is there evidence to suggest that directors spend 
more time on compliance issues rather than corporate strategy? 

Response. [Mr. Piche’s response to question 2 was not available at the time the 
hearing record was printed.] 





JOHN F. KERRY, MASSACHUSETTS, CHAIRMAN
OLYMPIA J. SNOWE, MAINE, RANKING MEMBER

CARL LEVIN, MICHIGAN                  CHRISTOPHER S. BOND, MISSOURI
TOM HARKIN, IOWA                      NORM COLEMAN, MINNESOTA
JOSEPH I. LIEBERMAN, CONNECTICUT      DAVID VITTER, LOUISIANA
MARY LANDRIEU, LOUISIANA              ELIZABETH DOLE, NORTH CAROLINA
MARIA CANTWELL, WASHINGTON            JOHN THUNE, SOUTH DAKOTA
EVAN BAYH, INDIANA                    BOB CORKER, TENNESSEE
MARK PRYOR, ARKANSAS                  MICHAEL ENZI, WYOMING
BENJAMIN L. CARDIN, MARYLAND          JOHNNY ISAKSON, GEORGIA
JON TESTER, MONTANA

NAOMI BAUM, DEMOCRATIC STAFF DIRECTOR
WALLACE HSUEH, REPUBLICAN STAFF DIRECTOR


United States Senate

Committee on Small Business & Entrepreneurship 
Washington, DC 20510-6350 


February 23, 2007 


The Honorable Christopher Cox 
Chairman 

Securities and Exchange Commission 
450 Fifth Street, N.W. 

Washington, D.C. 20549 

The Honorable Mark W. Olson 
Chairman 

Public Company Accounting Oversight Board 
1666 K Street, N.W. 

Washington, D.C. 20006 

Dear Chairmen Cox and Olson: 

Just a few years ago, the trust and confidence of the American people in their financial
markets was seriously eroded by the emergence of a series of corporate accounting
scandals. The Sarbanes-Oxley Act of 2002 helped restore confidence in our capital
markets and increase accountability to the corporate governance of public companies.

We support the efforts of the U.S. Securities and Exchange Commission (SEC) and the 
Public Company Accounting Oversight Board (PCAOB) to ease the regulatory burden of 
Section 404 of the Act by issuing new interpretative guidance on internal controls for 
small public companies. We believe these final proposals will help to reduce the costs,
and the time, that small public companies spend complying with the Sarbanes-Oxley Act of
2002.

However, as these rules have not yet been finalized, we respectfully request that the 
implementation date of Section 404 for small public companies be delayed for up to one 
additional year from the date that both the SEC and the PCAOB issue their final Section 
404 guidance. We believe this extension will provide small public companies the 
appropriate amount of time needed to comply with these new compliance and auditing 
standards. 

If the SEC chooses to defer these implementation dates for an additional year, it is our 
understanding that calendar year filers would have until the 2008 annual report to file 
their management internal control reports and until the 2009 annual report to file the 
auditor's attestation report. This additional time would make it easier for many small 
businesses to make the transition to the new internal controls requirements. 





Additionally, we also request that the SEC and PCAOB carefully consider all comments 
by small public companies, especially non-accelerated filers, before setting a final 
implementation date for the new auditing standards. We believe the comments made by 
small businesses concerning the proposed rules will give the SEC and the PCAOB the 
best guidance as to the amount of time non-accelerated filers will require to appropriately 
implement the new compliance and auditing standard. 

In making these requests, we acknowledge the SEC’s previous postponement of the date 
by which smaller public companies were required to comply with the Act’s internal 
control reporting requirements. We believe this extension was wise and appreciate the 
SEC’s willingness to respond to the needs of small issuers. 

Small public companies are vital participants of U.S. capital markets as well as critical 
components of future economic growth and high-wage job creation. However, according 
to a recent United States Government Accounting Office study, the cost of compliance 
and the time needed for small public companies to comply with the Sarbanes-Oxley 
regulations has been disproportionately higher than for large public companies. 

While most large companies are effectively dealing with Sarbanes-Oxley’s changes, 
many small public companies continue to have difficulties in complying with the Act’s 
moving auditing standards. Published reports show the number of restatements of 
financial results for large companies declined by approximately 20 percent in 2006. 
Inversely, small public companies, with assets of less than $75 million, saw the number 
of restatements increase by 42 percent in 2006. This increase demonstrates the additional 
costs and burdens small businesses face as they continue to update their internal control 
processes while they await the final SEC and PCAOB guidance governing these controls. 

We urge the SEC to consider giving small public companies this much needed extension. 
We believe this process will help reduce the costs and increase the attractiveness for 
small public companies to participate in United States capital markets. Ultimately, our 
sensitivity to the needs and concerns of smaller public companies will help promote the 
strength of the U.S. economy and enable dynamic private firms to grow by helping them 
become thriving, innovative public companies. 


Thank you in advance for your consideration of this request. 






PCAOB
Public Company Accounting Oversight Board

1666 K Street, N.W.
Washington, DC 20006
Telephone: (202) 207-9100
Facsimile: (202) 862-8430
www.pcaobus.org


March 7, 2007 


The Honorable John F. Kerry
Chairman, Committee on Small Business & Entrepreneurship
United States Senate
428A Russell Senate Office Building
Washington, DC 20510-6350

Dear Chairman Kerry: 

On behalf of the Public Company Accounting Oversight Board, I wish to thank you for
your February 23, 2007 letter concerning Section 404 of the Sarbanes-Oxley Act and small
public companies. Through its enactment of the Sarbanes-Oxley Act, Congress entrusted the
Board with the important mission of furthering the public interest in the preparation of
informative, accurate, and independent audit reports. We appreciate your input as we strive to
carry out that mission, including improving the implementation of the Act’s internal control
requirements.

In your letter, you note the importance of small public companies as engines of future
economic growth and job creation. We strongly agree that small public companies play a key
role in the U.S. economy, and unnecessary costs related to Section 404 should be eliminated.
We appreciate your view that our recently proposed auditing standard is a step towards that goal.

In your letter, you also request that the Securities and Exchange Commission extend the
date by which small public companies would be required to comply with Section 404. In its
recent final rule extending the Section 404 compliance dates for non-accelerated filers, the SEC
stated that it will consider further compliance date extensions — for both the requirement to file
management's assessment of internal control and the requirement to file the related auditor’s
report — based on the timing of its final guidance and its consideration of the Board’s proposed
auditing standard. The Board will coordinate with the SEC to make the transition to Section 404
compliance for non-accelerated filers as smooth as possible. Moreover, the Board’s standard on
auditing internal control will not apply to audits of non-accelerated filers until they are required
by the Commission to obtain an audit of internal control.

Your letter also notes the importance of public comment to the regulatory process. The 
Board strongly agrees with your views. As we move towards adopting a standard that protects 
the interests of investors while providing for a more risk-based and scalable audit of internal 
control, we will carefully consider all comment letters that we receive. 





Thank you once again for your letter. I look forward to continuing to work with you and
your colleagues on the Senate Committee on Small Business and Entrepreneurship. Please feel
free to call me at (202) 207-9201, or have your staff contact Mary Moore Hamrick, Director,
Office of External Relations, at (202) 207-9170, should you have any questions.



Chairman 


cc: Senator Olympia J. Snowe 

Chairman Christopher Cox, SEC 





UNITED STATES
SECURITIES AND EXCHANGE COMMISSION

CHRISTOPHER COX
CHAIRMAN

HEADQUARTERS
100 F STREET, NE
WASHINGTON, DC 20549

REGIONAL OFFICES
NEW YORK, CHICAGO,
LOS ANGELES, DENVER, MIAMI

DISTRICT OFFICES
BOSTON, PHILADELPHIA, ATLANTA,
FORT WORTH, SALT LAKE CITY,
SAN FRANCISCO


April 5, 2007 


The Honorable John F. Kerry 
Chairman 

Committee on Small Business & Entrepreneurship 
United States Senate 
Washington, DC 20510-6350 

Dear Chairman Kerry: 

Thank you for your recent letter in which you express your support for improving 
implementation of Section 404 of the Sarbanes-Oxley Act of 2002, particularly with respect to 
smaller public companies. 

As you know, companies subject to the periodic reporting requirements of the Securities
Exchange Act of 1934 with a public float of less than $75 million have not yet become subject to
the Section 404 requirements. In your letter, you request that the Commission and PCAOB
carefully consider all of the comments from smaller public companies on the Commission’s
proposed interpretive guidance for management on evaluating internal control over financial
reporting and on the PCAOB’s proposal to replace Auditing Standard No. 2 with a new auditing
standard before setting final compliance dates for smaller companies. I assure you that the
Commission will do so.

I agree with you on the importance of soliciting the views of companies and other
interested parties on the Commission’s guidance before issuing it in final form to make sure that
the guidance is appropriate and will be useful. The public comment period on our interpretive
guidance closed on February 26, 2007 and we received nearly 200 letters of comment.
Additionally, the comment period on the PCAOB’s proposal to replace Auditing Standard No. 2
with a new auditing standard also closed on February 26th. The PCAOB is evaluating the public
comments, and we will work closely with them towards the adoption of a revised standard.

You also urge the Commission to consider a delay of the currently scheduled compliance
dates for smaller public companies for an additional year from the time that the interpretive
guidance and revised audit standard are issued in final form. To date, the Commission has
approved four separate extensions of the Section 404 compliance dates for smaller public
companies, the last of which was in December 2006. In the December 2006 release granting the
last extension, the Commission stated that, if we have not issued additional guidance for
management on how to complete its assessment of internal control over financial reporting in
time to be of sufficient assistance for companies as they prepare their annual reports filed for
fiscal years ending on or after December 15, 2007, we will consider whether we should further
postpone the compliance date. We similarly stated that we will consider further postponing the
December 15, 2008 compliance date for auditor attestation reports after the Commission has
approved the new auditing standard to replace Auditing Standard No. 2.

Until the Commission should adopt final interpretive guidance and approve a final 
auditing standard to replace Auditing Standard No. 2, it would be premature for the Commission 
to decide whether an additional extension is warranted. Once the Commission has approved new 
guidance and a new auditing standard, I can assure you that the Commission will at that time 
consider whether smaller companies will need more time to comply with the Section 404 
requirements. Please be assured that our primary objective is to make the Section 404 
compliance process as efficient as possible for all companies. 

Thank you again for writing to express the Committee’s views on this important subject.
I look forward to the opportunity to discuss these issues further with you and the Committee at 
your April 18 hearing. 


Christopher Cox 
Chairman 




COMMENTS FOR THE RECORD 




Statement of Senator Mike Enzi 

Senate Committee on Small Business Hearing on: 

“Sarbanes-Oxley and Small Business: Addressing Proposed 
Regulatory Changes and their Impact on Capital Markets” 

April 18, 2007 


As a member of the Senate Committee on Small Business and the Senate Banking 
Committee, I have been at the forefront of this issue since Sarbanes-Oxley was first 
drafted in 2002. During those early days, the United States capital markets were in a 
tailspin. The accounting scandals at Enron and WorldCom damaged America’s 
confidence in our markets, and our economy was in decline as a result. After passage 
of Sarbanes-Oxley, we have seen confidence rise once more, and our economy 
continues to expand, creating jobs and wealth for more Americans than ever before. 
The Sarbanes-Oxley Act is contributing to this expansion because investors again feel 
confident when they invest in American financial markets. Public company operations 
are more transparent and CEOs are held accountable for the actions of their 
employees. 

One needs only to read the papers to see the benefits of Sarbanes-Oxley. The options 
backdating scandal that is being investigated by the SEC has reached some of the 
largest and most recognizable companies in America. Yet the scope of this scandal 
was limited to practices prior to the enactment of Sarbanes-Oxley. There is little doubt 
the Act has helped in this regard. 

However, the implementation of Sarbanes-Oxley is not complete, and this is the reason 
why we are here today. About half of all publicly-traded companies, those under $75
million in market capitalization, have yet to implement the requirements of Sarbanes- 
Oxley as they relate to internal controls, commonly referred to as Section 404. The 
concerns about the price of Section 404 voiced by small businesses are well-founded, 
and action should be taken to reduce these costs. I expect Chairman Cox and 
Chairman Olson to discuss some of these ideas today. However, as most small 
businesses have yet to experience a 404 audit, there is also a lot of mystery and 
speculation surrounding the projected costs. Today is an opportunity to clarify the small 
business situation and dispel some of the rumors. 

All public companies should be responsible stewards of the public's trust, and therefore
should be able to withstand a certain level of public scrutiny. This is the heart of
Sarbanes-Oxley and Section 404. It is also central to the mission of the Public
Company Accounting Oversight Board (the “Board”), which oversees accountants who
audit large and small companies.

The Board is in a strategic position that gives them the opportunity to lower the cost of 
audit fees borne by small companies through their guidance. And they have taken 
multiple steps to lower costs, including encouraging a change to the audit culture itself. 
For example, I was pleased when the revised guidance issued last December by the 
Board emphasized auditor’s use of the work of others. Allowing auditors to look at the 
big picture by reviewing past audits and management’s evaluation can significantly 
reduce the costs of Section 404 audits to smaller businesses. By removing the 
“Principle Evidence Provision,” the Board is promoting a significant change within the
auditor community, and the industry must be receptive to it if small businesses will see 
reduced costs. 

There is also a continued role for the Board in working with smaller audit firms as they 
attempt to perform Section 404 audits for the first time. In April 2006, the Government 
Accountability Office (GAO) issued a report requested by Senator Snowe and me 
requiring an investigation of the potential costs of Sarbanes-Oxley on small businesses. 
One of the developments predicted by this report was a bigger role for smaller 
accounting firms performing 404 audits. In anticipation of this, the Board has been 
holding forums across the country to assist small firms to prepare for these audits. 
These forums have been invaluable, and the proactive approach exhibited by the Board 
will no doubt reduce costs for small companies in the future. 

I am optimistic that the larger accounting firms, who have been auditing large 
companies for four years now, will also be able to assist smaller firms to overcome the 
steep learning curve. There is a wealth of knowledge to be gained from the first four 
years of accelerated filers and their auditors, and using that knowledge can reduce 
costs for those reporting for the first time. 

Another concern described in the GAO report was the effect of “deferred maintenance”
by smaller public companies. All public companies have been required to establish and
maintain internal controls since 1977. It is clear that many smaller companies have
faced particular challenges in this regard, due to the economies of scale and the 
different management structure of smaller companies. I am very concerned that this 
will lead to higher costs when small businesses are required to comply with Section 
404. 

The Securities and Exchange Commission (the “Commission”) has taken a proactive
approach in this area as well. In the revised guidance, the Commission established a 
two-year strategy for smaller companies, requiring internal control evaluation from 
management in Year One, and an external audit in Year Two. This is the right 
approach for small business, and introducing a level of scalability for small public 
companies in the Commission’s guidance has enormous potential for reducing costs. 





I am pleased that the Commission and the Board have worked collaboratively on their 
Section 404 guidance. Complementary guidance, along with a close attention paid to 
the nature of smaller companies, is the best strategy for successful implementation of 
Section 404 of the Sarbanes-Oxley Act. 

The Committee on Small Business knows that the economies of scale create a 
disproportionate burden for smaller companies, in Sarbanes-Oxley implementation or 
any other federal regulation. This was confirmed by the GAO study released last year 
on Section 404. Yet the key to overcoming this disadvantage is clear and concise 
guidance from the Board and the Commission, not legislative reform. This was the 
conclusion reached by the McKinsey Report on global competitiveness, also known as 
the Schumer-Bloomberg Report, and industry roundtables held by the Department of 
the Treasury and the Chamber of Commerce held earlier this year. 

I strongly urge both the Commission and the Board to continue to work to overcome this 
disadvantage for small companies. This includes guidance for Section 404 audits that 
are top-down and risk-based. Auditors must be encouraged to use their professional 
judgement without fear of liability, and small companies must be confident that, if they 
follow management guidance, they will create effective and compliant internal controls. 

It has been five years since the passage of the Sarbanes-Oxley Act, and it is time to 
overcome the final hurdles preventing implementation of this law for all public 
companies. 

I look forward to the testimony of Chairman Cox and Chairman Olson, and continuing
my dialogue with them as they refine their guidance. Implementation of Sarbanes- 
Oxley is key to the success of our markets. Accountability, transparency, and strong 
internal controls benefit investors and businesses alike. 






Advocacy: the voice of small business in government 


Statement submitted by 

The Honorable Thomas M. Sullivan 
Chief Counsel for Advocacy 
U.S. Small Business Administration 


U.S. Senate Committee on Small Business & Entrepreneurship 


Hearing Date: April 18, 2007

Topic: Sarbanes-Oxley and Small Business:
Addressing Proposed Regulatory Changes and their
Impacts on Capital Markets




I am submitting this written statement because a death in my family prevents 
me from presenting testimony in person. I commend the U.S. Senate Committee on 
Small Business & Entrepreneurship for holding this hearing. And, I thank you for 
soliciting my views. The topic of how the Sarbanes-Oxley Act impacts small business is
an important one and the small business community will benefit by this Committee’s 
focus on the proposals under consideration by the U.S. Securities and Exchange 
Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB). 

Congress established the Office of Advocacy to represent the views of small 
entities before Congress and Federal agencies. The Office of Advocacy (Advocacy) is an 
independent office within the U.S. Small Business Administration (SBA), and therefore 
the comments expressed in this statement do not necessarily reflect the position of the 
Administration or the SBA. Advocacy takes its direction from small businesses; 
therefore my remarks will be a reflection of what small business groups have shared with 
Advocacy. One of Advocacy’s main responsibilities is to ensure agency compliance with 
the Regulatory Flexibility Act (RFA). The RFA’s main purpose is to make certain that 
small entities are given due consideration when agencies promulgate regulations.¹

¹ Regulatory Flexibility Act of 1980, Pub. L. No. 96-354, 94 Stat. 1164 (1980) (codified as amended at 5
U.S.C. § 601 et seq.).

Advocacy’s involvement with the Sarbanes-Oxley Act (the Act) began in 2002,
when our office asked Chairman Oxley and Chairman Sarbanes to include flexibility in
the bill then being considered that would be sufficient to avoid unnecessary impacts to
small businesses. Since the passage of the Act, small business representatives have
contacted Advocacy to inform us of their concerns with the new audit requirements of
Section 404. Advocacy has submitted numerous comment letters to the SEC and the
PCAOB communicating these small business concerns.² Small businesses are worried
that auditors, when faced with a new requirement to sign off on a company’s internal
controls, will employ expensive and time-consuming audit procedures. There is a
compelling record demonstrating that the costs of complying with Section 404 are large
and disproportionately high for small public companies. These entities have told
Advocacy that changes to the requirements of Section 404 of the Act are necessary.
Advocacy believes that the excessive cost of Section 404 internal controls reporting may
restrict a new generation of small innovative companies from seeking capital in the U.S.
capital markets.

To its credit, after the passage of the Sarbanes-Oxley Act, the Commission
quickly realized the costs inherent in complying with Section 404 and delayed the
implementation of Section 404 for small businesses. I would like to thank Chairman Cox
and Chairman Olson for their leadership, hard work, and on-going dedication in the
difficult process of implementing Section 404. The SEC and the PCAOB should also be
commended for their job in reaching out to small public companies to understand the
impacts and problems with Section 404. In 2005, the SEC chartered the Advisory
Committee on Smaller Public Companies (Advisory Committee) to assess the impact of
the Act on smaller companies, and make recommendations for changes. After a year of
deliberations and solicitation of public input, the Advisory Committee made its final
written recommendations last year. The SEC and the PCAOB have also held roundtables
to solicit input from small public companies, and listened to the concerns of the small
business community.

² Archive of Advocacy comment letters on the Section 404 of the Act, http://www.sba.gov/advo.


Advocacy hosted its own small business roundtable in January 2007 to solicit 
input from small business representatives on the new proposals undertaken by the SEC
and the PCAOB.³ This roundtable followed years of dialogue between Advocacy and
small entities concerning the implementation of the Act. Advocacy commends the staff 
members of the SEC and the PCAOB who attended this roundtable and explained the 
proposals, answered questions, and listened to issues of the small business community. 
Small businesses raised significant concerns with these proposals, including: (1) the need 
for further clarifications of major provisions from these proposals, (2) the need to 
examine whether these proposals actually reduce compliance costs and provide 
scalability for small public companies, and (3) the need for more time to implement the 
new requirements. 

Based on these comments, Advocacy strongly recommends that the SEC
continue to provide further extensions for small public companies until such time as more 
cost-effective procedures for internal controls can be developed. Additionally, Advocacy 
urges Congress to exempt smaller public companies from Section 404(b). 

I. Background on Section 404 - One Size Does Not Fit All

Congress enacted the Sarbanes-Oxley Act of 2002 (the Act)⁴ in response to public
concern about high-profile fraudulent financial reporting by companies like Enron and
WorldCom. Section 404 of the Act requires public companies to report on their internal
controls over financial reporting, or about systems they have in place to guard against
fraudulent transactions. Section 404(a) requires management to establish and maintain an
adequate internal control structure and include in its annual report to the SEC an
assessment or a report of the effectiveness of these internal controls. Section 404(b)
requires that management hire an outside auditing firm to submit an audit report attesting
to, and reporting on the management’s assessment of the company’s internal controls.⁵
The ultimate goal of this section is to ensure the accuracy of a company’s financial
reports, and thus improve investor confidence. The Public Company Accounting
Oversight Board, a non-profit corporation created by the Act to oversee the auditors of
public companies, created Auditing Standard No. 2 (AS-2) as a guide for auditors
evaluating a company’s internal controls reporting under Section 404(b).

³ Small business concerns from this roundtable are summarized in a comment letter from Thomas M.
Sullivan, Chief Counsel, Office of Advocacy, SBA, to the SEC and the PCAOB (Feb. 21, 2007), available
at: http://www.sba.gov/advo/laws/comments/sec07 0221.html .

⁴ Sarbanes-Oxley Act of 2002, Pub. L. 107-204, Title IV, 116 Stat. 789 (2002) (codified in 15 U.S.C. §
7262).

The SEC’s own Advisory Committee on Smaller Public Companies has
concluded that a big problem with Section 404 was the implementation of AS-2, a
prescriptive 300-page “grade book” for auditors evaluating public companies.⁶ External
auditors have applied this one-size-fits-all standard to both large and small companies.
Companies have reported that auditors are not focusing on risks to financial reporting, but
are auditing every process, which created redundancies and excessive costs. In the
absence of management guidance, companies have been obliged to use the complicated
AS-2 as a de facto guidance. Small public companies have experienced challenges in
implementing AS-2, because it does not take into account the different characteristics that
affect a company’s financial reporting risks and internal controls, such as differences in
organizational structure, ability to segregate duties and amount of resources available for
Section 404 compliance.

⁵ 15 U.S.C. § 7262.

⁶ SEC Advisory Committee on Smaller Public Companies, Final Report of the SEC Advisory Committee
on Smaller Public Companies 32 (Apr. 23, 2006) (Advisory Committee Report), available at
http://www.sec.gov/info/smallbus/acspc.shtml.


II. Section 404 Imposes Disproportionate Costs On Smaller Public Companies

Due to the problems with Section 404 and AS-2, the costs of implementing
Section 404 have greatly exceeded those originally anticipated by the SEC. In June
2003, the SEC estimated that “the average annual internal cost of compliance with
Section 404 over the first three years would be $91,000, and that cost would be
proportional relative to the size of the company.”⁷ To the contrary, all evidence indicates
that Section 404 compliance costs are dramatically higher. A survey of actual
compliance costs conducted by Financial Executives International in 2006 found that
first-year compliance costs for Section 404 were $3.8 million for accelerated filers and
$935,000 for smaller public companies or non-accelerated filers.⁸

Smaller public companies are likely to be hit especially hard by the costs of
compliance with Section 404. The 2005 Advocacy-funded study by W. Mark Crain, The
Impact of Regulatory Costs on Small Firms, found that, in general, small businesses are
disproportionately affected by federal regulations.⁹ Crain found that small firms with
fewer than 20 employees annually spend 45 percent more per employee than larger firms
to comply with federal regulations.¹⁰ Likewise, the report by the SEC’s Advisory
Committee on Smaller Public Companies noted that Section 404 costs in relation to
revenue will be disproportionately borne by smaller public companies.¹¹ This report
found that small public companies with a market capitalization of under $100 million are
expected to spend 2.55 percent of their revenue on Section 404 compliance, while larger
companies with a market capitalization of over $1 billion are expected to spend 0.16
percent of their revenue on such costs.¹²

⁷ Advisory Committee Report, at 29 (emphasis added).

⁸ FEI, Survey on SOX Section 404 Implementation, Exhibit A: Costs by Filing Status (March 2006).

⁹ The Impact of Federal Regulations on Small Firms, an Advocacy-funded study by W. Mark Crain, Sept.
2005, available at: http://www.sba.gov/advo/research/rs264tot.pdf.

¹⁰ Id.

¹¹ Advisory Committee Report, at 33.

Moreover, recent studies by the Committee on Capital Markets Regulation,*^ 
McKinsey & Company, *'* and the U.S. Chamber of Commerce*^ provide evidence that 
the burdensome Section 404 requirements have already made the United States capital 
markets an increasingly unattractive environment to list shares, decreasing the number of 
initial public offerings (IPOs), and forcing companies to go private or to foreign stock 
exchanges. In a study by Foley & Lardner LLP, 81 percent of respondents felt that the 
Section 404 requirements were too strict, and 21 percent of respondents are considering 
going private as a result.'^ The Section 404 requirements will likely impose major 
obstacles to small public companies seeking capital, perhaps to such an extent that their 
application to small issuers would dissuade small businesses entirely from accessing U.S. 
capital markets. 

III. Small Entities Have Expressed Serious Concerns with Both Proposals 

Advocacy acknowledges the efforts undertaken by the SEC and the PCAOB to 
make internal controls reporting requirements more cost-effective and efficient for small 
public companies. The SEC’s proposed management guidance attempts to set forth a 


13 Committee on Capital Markets Regulation, Interim Report of the Committee on Capital Markets 
Regulation (Nov. 30, 2006), available at: 
http://www.capmktsreg.org/pdfs/11.30Committee_Interim_ReportREV2.pdf . 

14 McKinsey & Co, Sustaining New York's and the US Global Financial Services Leadership (Jan. 22, 
2007), available at: 
http://schumer.senate.gov/SchumerWebsite/pressroom/special_reports/2007/NY_REPORT%20_FINAL.pdf . 

15 Commission on the Regulation of U.S. Capital Markets in the 21st Century, Report and 
Recommendations (March 2007), available at: http://www.uschamber.com/portal/capmarkets/default . 

16 Thomas E. Hartman, Foley & Lardner LLP, The Cost of Being Public in the Era of Sarbanes-Oxley (June 
16, 2005), available at: http://www.fei.org/download/foley_6_16_2005.pdf . 





144 


“top-down, risk-based” approach for management to complete Section 404(a).¹⁷ The 
PCAOB also revised the controversial Auditing Standard No. 2, incorporating the same 
“top-down, risk-based” approach.¹⁸ 

Despite these efforts, small businesses continue to have serious concerns about 
Section 404. On January 26, 2007, Advocacy held a small business roundtable, including 
small business owners and representatives, trade association staff, congressional staffers, 
and personnel from the SEC and the PCAOB. Participants raised the following concerns 
with the SEC’s management guidance and the PCAOB’s revised auditing standard: 

1) Small Businesses Request Clarification of Major Provisions in Both Proposals 

a. The SEC and the PCAOB Must Resolve Differences Between the 
Management Guidance and the Revised Auditing Standard 

The Institute of Management Accountants has commented that the SEC and the 
PCAOB have created two conflicting rule books for the same task of internal controls 
reporting, and this is a source of confusion and complexity.¹⁹ For example, small 
businesses are concerned that the SEC’s management guidance is vague and “principles-based” 
to provide scalability for the management of small public companies, while the 
PCAOB’s revised auditing standard is more prescriptive and detailed on how auditors 
must evaluate a management’s internal controls reporting process. Small businesses have 
stated that they will be using the PCAOB’s revised auditing standard as their de facto 
guidance, because they are afraid that following the SEC’s management guidance will 

17 Management's Report on Internal Control Over Financial Reporting; Proposed interpretation; Proposed 
Rule, 71 Fed. Reg. 77,635 (Dec. 27, 2006). 

18 Proposed Auditing Standard - An Audit of Internal Control Over Financial Reporting that is Integrated 
with an Audit of Financial Statements and Related Proposals, Release No. 2006-007 (Public Company 
Accounting Oversight Board, Dec. 2006). 

19 Comment letter from Paul A. Sharman, President and CEO, Institute of Management Accountants, to the 
SEC and the PCAOB (Feb. 13, 2007) (IMA Comment Letter), available at 
http://www.sec.gov/comments/s7-24-06/lddevonish-mills5470.pdf . 


145 


result in a negative audit by an auditor utilizing a more detailed and prescriptive auditing 
standard. Advocacy recommends that the SEC add practical information in the 
management guidance on how management can complete a scaled internal controls 
report. For example, the U.S. Chamber of Commerce has commented that the SEC 
guidance could use more illustrative examples and feedback of how the guidance should 
be implemented, such as examples of insufficient compliance measures as well as overly 
conservative implementation.²⁰ Advocacy also recommends that the SEC and the 
PCAOB work together to make the revised auditing standard less prescriptive. 

The Institute of Management Accountants and the U.S. Chamber of Commerce 
have commented on very significant inconsistencies between the two documents, 
including the process of identifying controls and significant accounts, and definitions 
such as material weakness, significant deficiency, and materiality.²¹ Advocacy also 
recommends that the SEC and PCAOB work together to make sure that these 
inconsistencies are harmonized. 

b. The SEC and the PCAOB Should Address Management and Auditor 
Liability 

Participants at the roundtable raised the issue of liability in the Section 404 
process as an important factor that most impedes the ability of these proposals to provide 
a scalable and cost-effective audit. These small business representatives stated that the 
management of small public companies needs assurances that they will not be held liable 
for completing a scaled-down report pursuant to the management guidance. In particular, 

20 Comment letter from David C. Chavern, Chief Operating Officer and Senior Vice President, to the SEC 
and the PCAOB (February 26, 2007) (U.S. Chamber of Commerce Letter), available at: 
http://www.sec.gov/comments/s7-24-06/s72406-213.pdf . 

21 IMA Comment Letter, at 2; U.S. Chamber of Commerce Letter, at 4. 



146 


small businesses seek clarification of the provision which states that “the proposed 
amendments would be similar to a non-exclusive safe-harbor.”²² Participants of the 
roundtable asked for further details of the safe harbor, such as how this safe harbor can be 
claimed and what type of liability protection this would afford. 

Participants noted that auditors also need assurances from the PCAOB that they 
will not be penalized for auditing and approving a scaled management report in the 
PCAOB inspections process. One participant at the roundtable stated that auditors are 
attributing a large percentage of their auditing fees to the potential liability and litigation 
exposure for these Section 404 audits. These new Section 404 requirements are likely 
increasing the potential liability of auditors and increasing the costs of these audits. 

2) The SEC and the PCAOB Need to Examine Whether Proposals Reduce the 
Compliance Costs and Provide Scalability for Small Public Companies 

Participants at Advocacy’s roundtable commented that the SEC’s management 
guidance and the PCAOB’s revised auditing standard do not provide enough guidance on 
how small public companies can scale their audits to make them cost-effective. Small 
public companies need further guidance on ways that their audit of internal controls can 
be tailored, in the form of illustrations, case studies and examples. 

Small business representatives also suggested that the rules implementing Section 
404 not be implemented until these proposals have been fully tested to determine whether 
they will actually result in scalability and cost savings for small public companies. Such 
testing would allow for corrections in the standard, if the testing shows that the standard 
needs revision. 


22 71 Fed. Reg. at 77,649 (Dec. 27, 2006). 



147 


3) Small Public Companies Need More Time to Implement New Requirements 

Small public companies expressed concern with the timing of these draft 
proposals. Although the SEC and the PCAOB just released these proposals in December 
2006, most small public companies will still be expected to complete a management 
report on internal controls reporting by the end of the year and submit an auditor’s report 
attesting to these internal controls next year.²³ Neither of these proposals has been 
finalized, and the SEC and the PCAOB still need to complete major revisions to their 
respective proposals. Participants at the Advocacy’s roundtable strongly recommended 
that the SEC provide a further extension for small public companies in order to provide 
management with extra time to understand and implement these complex Section 404 
proposals. Small entities commented that they had already planned and budgeted for FY 
2007 the prior year, and it would be difficult and costly to start a new internal control 
reporting process in the middle of spring 2007. 

Participants at the roundtable explained that it will take a longer time for small 
public companies to create and implement any new internal controls reporting process. 
Although small public companies regularly submit annual financial reports to the SEC, 
the internal controls reporting process is time intensive because it adds the new 
requirements of identifying processes, assessing risk levels, and documenting and testing 
the internal controls. Small companies are at a disadvantage in complying with Section 
404 because they have more informal processes and fewer personnel and accountants. 
William Zaiser, the Chief Financial Officer at MHI Hospitality Corporation, a small 

23 71 Fed. Reg. 76,580 (Dec. 21, 2006). Under the SEC’s extensions, non-accelerated filers would submit a 
management assessment report with its annual report for the first fiscal year ending on or after December 
15, 2007. These entities would not be required to submit an auditor’s attestation report until the following 
year, or the first fiscal year ending on or after December 15, 2008. 



148 


public company with a market capitalization of $64 million, hired an external consultant, 
and it still took four months to begin the internal controls reporting process. Zaiser stated 
that it would be very difficult if his company had to start the Section 404 process at this 
later date because his company would have to hire extra staff, or he would have to devote 
a large amount of his time to this project.²⁴ According to a Government Accountability 
Office survey of small business companies in 2005, 81 percent of the respondents hired a 
separate accounting firm or external consultants to assist them with Section 404 
requirements, at an individual cost of $3,000 to $1.4 million.²⁵ 

IV. Regulatory Flexibility Act Determinations 

Advocacy commends the SEC and the PCAOB for developing these proposals in 
an effort to make Section 404 more cost-effective and efficient for small companies. 
Advocacy strongly recommends that the SEC continue to provide further extensions for 
small public companies until such time as more cost-effective procedures for internal 
controls reporting can be developed. 

Advocacy also recommends that the SEC complete a revised final regulatory 
flexibility analysis (FRFA) of the final reporting procedures under Section 604 of the 
Regulatory Flexibility Act. The last regulatory analysis was completed on August 14, 
2003, and this final regulatory flexibility analysis severely underestimates the cost of 
compliance with Section 404 of the Act. The SEC’s 2003 FRFA states that small public 
companies will be “subject to an added reporting burden of approximately 398 hours and 
the portion of that burden that is reflected as the cost associated with outside 

24 Telephone interview with William J. Zaiser, Chief Financial Officer, MHI Hospitality Corporation, in 
Greenbelt, Md. (Feb. 13, 2007). 

25 GAO, Report to the Committee on Small Business and Entrepreneurship, U.S. Senate, Sarbanes-Oxley 
Act: Consideration of Key Principles Needed in Addressing Implementation for Smaller Public 
Companies, at 17 (April 2006), available at: http://www.gao.gov/new.items/d06361.pdf . 



149 


professionals is approximately $35,286 [per year]. We believe, however, that the annual 
average burden and costs for small issuers are much lower.”²⁶ Current industry estimates 
place the Section 404 compliance burden at almost $1 million per year for small public 
companies.²⁷ 

Advocacy also recommends that the SEC complete a required Small Business 
Compliance Guide for this rule. Under Section 212 of the Small Business Regulatory 
Enforcement Fairness Act (SBREFA), “for each rule or group of related rules for which 
an agency is required to prepare a final regulatory flexibility analysis... the agency shall 
publish one or more guides to assist small entities in complying with the rule.”²⁸ 

V. Legislative Recommendations 

Advocacy suggests that Congress revise Section 404 of the Act to exempt smaller 
public companies from the requirements of Section 404(b). This is consistent with the 
SEC’s Advisory Committee report, which recommended that smaller public companies 
be held to a different compliance standard.²⁹ 

Advocacy recommends that Congress require the SEC and the PCAOB to submit 
a report with recommendations to the relevant committees of Congress, including the 
U.S. House Small Business Committee and the U.S. Senate Small Business & 
Entrepreneurship Committee, assessing the impact of Section 404 on smaller public 
companies after two years of implementation. 


26 Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure In 
Exchange Act Periodic Reports, Exchange Act Release No. 33-8238; 34-47986; IC-26068 (Aug. 14, 
2003), available at: http://www.sec.gov/rules/final/33-8238.htm . 

27 See Note 8. 

28 Small Business Regulatory Enforcement Fairness Act, Pub. L. 104-121, Title II, 110 Stat. 857 (1996) 
(codified in various sections of 5 U.S.C. § 601 et seq.). 

29 Advisory Committee Report, at 4. 



150 


VI. Conclusion 

Advocacy has worked closely with the SEC and the PCAOB since the Sarbanes- 
Oxley Act was enacted in 2002 and appreciates their continuing efforts to make the 
internal controls process less burdensome for small public companies. Based on input 
provided by small businesses at our roundtable, Advocacy strongly recommends that the 
SEC and the PCAOB continue to seek further flexibility for small public companies and 
an extension of time to comply with the requirements. Additionally, Advocacy urges 
Congress to exempt smaller public companies from Section 404(b). 


Created by Congress in 1976, the Office of Advocacy of the U.S. 
Small Business Administration (SBA) is an independent voice for 
small business within the federal government. The Chief Counsel for 
Advocacy, who is appointed by the President and confirmed by the 
U.S. Senate, directs the office. The Chief Counsel advances the 
views, concerns, and interests of small business before Congress, 
the White House, federal agencies, federal courts, and state policy 
makers. Issues are identified through economic research, policy 
analyses, and small business outreach. The Chief Counsel’s efforts 
are supported by offices in Washington, D.C., and by Regional 
Advocates. For more information about the Office of Advocacy, visit 
http://www.sba.gov/advo, or call (202) 205-6533. 



151 


MDMA 



Testimony of 

Mark B. Leahey, Esq. 
Executive Director 
Medical Device Manufacturers Association 
(MDMA) 

Before the Committee on Small Business & Entrepreneurship 
United States Senate 

"Sarbanes-Oxley and Small Business: Addressing Proposed Regulatory Changes and Their 
Impact on Capital Markets" 

April 18, 2007 

1350 I Street, NW 
Suite 540 
Washington, DC 20005 
P: (202) 354-7171 
F: (202) 357-7176 


Chairman Kerry, Ranking Member Snowe and the Members of the Small Business and 
Entrepreneurship Committee: 

On behalf of the Medical Device Manufacturers Association (MDMA), I want to thank you for 
providing the opportunity to submit written testimony today on the proposed regulatory changes 
to implement the Section 404 of the Sarbanes-Oxley Act of 2002 (SOX) by the Securities and 
Exchange Commission (Commission) and the Public Company Accounting Oversight Board 
(PCAOB) and their impact on the emerging medical device industry. As one of the driving 
forces of innovation, MDMA member companies play a critical role in furthering the growth and 
competitiveness of the U.S. biomedical sector and the U.S. capital markets. 

The MDMA is a national trade association, representing over a hundred innovative medical 
device companies engaged in the research and development of cutting edge and novel 
biomedical device products necessary to treat and improve the lives of patients in all areas of 
healthcare including oncology, vascular therapy, pain management, and neurological disease 
diagnosis, to name a few. The medical technology industry is comprised mostly of small 
businesses with 80 percent of the companies having less than 50 employees. Ninety-eight 
percent of the industry has less than 500 employees. 

As a representative of one of the most innovative high growth sectors of the American economy 
— one in which the U.S. maintains a global leadership position — my testimony will focus on the 
recent SOX Section 404 regulatory revisions proposed by the Commission and the PCAOB¹ and 
the additional reforms necessary to achieve meaningful reforms that are important to the 
investors. 


1 SEC proposed rule concerning "Management's Report on Internal Control Over Financial Reporting" - Release Nos. 33-8762; 
24-54976 (File No. S7-24-06); PCAOB proposed audit standard - "An Audit of Internal Control Over Financial Reporting That Is 
Integrated with An Audit of Financial Statements" and Related Other Proposals - Release No. 2006-007 (Rulemaking Docket 
No. 021). 



152 


Let me start by saying that we fully appreciate and agree with the Congressional intent behind 
Section 404 - to enhance investor protection and financial integrity of public companies. 

MDMA members strongly support this goal. Where Section 404 has been rendered ineffective 
and costly has been in the implementation process. 

The disproportionate cost impact of SOX Section 404 on the long-term competitiveness of 
America's most innovative and high growth sectors such as the medical device industry is high, 
costing small companies with low revenues and less than 50 employees over $500,000 in 
external audit fees. 

The Commission and the PCAOB have repeatedly acknowledged the high cost burdens of 
Section 404 compliance on smaller public companies and the need for scaled and proportional 
reforms.² The high cost burdens for the smaller companies are also well documented in the final 
report by the SEC's Advisory Committee for Smaller Public Companies, which recommended 
fundamental reforms after its year-long review of Section 404 implementation because it found 
that the current “one-size-fits-all” auditor driven approach greatly hampers the ability of smaller 
public companies to invest in research and development, gain access to public capital markets, 
and thereby jeopardizes the competitiveness of smaller companies that are the growth engines of 
the American economy.³ 

The U.S. Government Accountability Office (GAO) has made similar findings in its report to 
this Committee on April, 2006, stating that smaller public companies at the bottom 6 percent of 
total U.S. market capitalization pay up to $1.4 million in external audit fees for Section 404 
compliance. In fact, 47 percent of the companies reported that Section 404 compliance resulted 
in significant “opportunity costs” by draining resources away from innovation and research.⁴ 

The impact of Section 404 costs on the U.S. economy and the medical device industry’s global 
competitiveness is also of great concern. The recent study on the impact of section 404 on the 
U.S. capital markets by the non-partisan Committee on Capital Markets Regulation⁵ is 
particularly instructive in describing the current market trends and the circumstances in which 
American companies' ability to access capital may be decreasing. The Committee found that the 
U.S. market share of global initial public offerings has fallen from 48 percent in the 1990s to 7.2 
percent in 2006, and that enhancing shareholder rights while at the same time reducing overly- 
burdensome regulations such as Section 404 may help in reducing this declining trend. 

The Members of this Committee may have undoubtedly heard of anecdotal references by foreign 
firms, the majority of whom will be subject to Section 404 compliance beginning July 15, 2007, 
that they are foregoing the U.S. capital markets and listing overseas due, in large part, to Section 
404. In fact, the SEC Commissioner Atkins in his letter to the Wall Street Journal on June 10, 


2 Ibid. 

3 Final Report of the Advisory Committee on Smaller Public Companies to the Securities and Exchange Commission (April 23, 
2006) 

4 Report to the Committee on Small Business and Entrepreneurship, U.S. Senate. "SARBANES-OXLEY ACT: Consideration of 
Key Principles Needed in Addressing Implementation for Smaller Public Companies", April, 2006 (GAO 06-361) 

5 The Committee on Capital Markets Regulation is an independent and bipartisan group comprised of 24 leaders from the 
investor community, business, finance, law, accounting, and academia. It began its work in 2006 and is directed by Prof. Hal S. 
Scott, Nomura Professor and Director of Program on International Financial Systems at Harvard Law School. The Committee 
Co-Chairs are Glenn Hubbard, Dean of Columbia Business School, and John L. Thornton, Chairman of the Brookings Institution. 



153 


2006, indicated that in 2005, nine out of every ten dollars raised by non-U.S. companies through 
new stock offerings were issued overseas, while the reverse was true just six years ago in 2000. 

In addition, it is the experience of MDMA's private company members that an initial public 
offering may not be seen as the optimum path to liquidity for their investors due to the amount of 
cost burdens associated with Section 404 readiness. This issue has been previously noted by the 
head of the Division of Corporation Finance at the Commission as well.⁶ 

Proposed SEC and PCAOB Revisions and Need for Further Reform: 

Although we appreciate the Commission and the PCAOB's stated goals⁷ of reforming Section 
404 requirements and the corresponding PCAOB's audit standards to achieve cost efficiencies, 
scalability and risk based reforms, the proposed new management guidelines and the Auditing 
Standard Number 5 (AS5), fail to achieve the purported principle based reform framework with 
the specificity and the integration necessary to achieve the reforms critical to smaller public 
companies. 

In our September 12, 2006 comment letter to the Commission on its Concept Release 
Concerning Management’s Reports on Internal Control Over Financial Reporting, MDMA, 
along with several other high growth industry organizations representing healthcare technology, 
biotechnology, information and communications technology, electronics and semiconductor 
industries, recommended the need for a management driven, principle based reform framework 
that is integrated, scaled, risk based, and cost effective. 

The adoption and incorporation of the recommended reform framework principles will be critical 
now more than ever as the Commission and the PCAOB finalize their revisions of the 
management guidelines and the AS5. We request the Members of this Committee to urge the 
Commission and the PCAOB to adopt the following principle based reform framework, which 
will provide fundamental Section 404 reforms and address the significant compliance burdens 
facing the smaller public companies today. 

Integrated Principle Based Reform Framework Needed: 

• Reforms must reflect a rational cost-benefit balance. Cost burdens imposed by the 
increasing complexity of required internal controls must yield increased benefits in 
assuring greater investor confidence. 

The current AS5 fails to sufficiently address the need for a cost-benefit balance as it 
continues to give wide discretion to the auditors on the amount of work required. It also 
fails to provide economically sound methods of assessing the cost-benefit analysis. It is 
essential that smaller companies are not faced with having to complete a “checklist” of 
internal controls driven by auditor prescribed terms. Instead, the management's 
assessment process and the external audit procedures must be integrated with the 


6 See, the letter from John W. White, the new and current head of the Division of Corporation Finance at the SEC, submitted in 
connection with the SEC’s 2005 Roundtable on Section 404, available at http://www.sec.gov/news/press/4-497.shtml . 

7 SEC Chairman Cox's statement and PCAOB Chairman Olson’s statement at the SEC open meeting on April 4, 2007 
http://www.pcaob.org/News_and_Events/Events/2007/Speech/04-04_Olson.aspx ; 
http://www.sec.gov/news/speech/2007/spch040407cc.htm . 



154 


financial statement audit processes with additional guidance on defining the scope of the 
audits. 

Only with these revisions will the implementation be fully within the original intent of 
the law. As the U.S. Senate Committee Report on Section 404 indicates, the legislative 
history is clear on this point: “The Committee does not intend that the auditor’s 
evaluation be the subject of a separate engagement or the basis for increased charges or 
fees.”⁸ If the prescriptive nature of the AS5 is not revised further, smaller companies will 
continue to face the high cost burdens due to the prescriptive nature of the auditor defined 
requirements. 

• Internal control requirements should be “scaled” and “proportional” to the size of 
revenues and complexity of corporate structures. In achieving scaled and proportional 
reforms that are risk based, it is critical that Section 404 reforms establish a concrete 
basis for the required levels of internal controls. 

As recognized by the Advisory Committee in its Final Report, Section 404 reform should 
be based on revenue metric in addition to market capitalization. This approach reflects 
corporate reality in that revenues drive the complexity of corporate structures and the 
corresponding need for increased internal controls to protect against financial fraud. In 
fact, reforms should support management’s incentive to maintain an effective and 
integrated system of internal controls to produce accurate financial reports, which are 
most important to investors. 

The internal controls necessary to meet Section 404 should be integrated and consistent 
with the levels of controls necessary to meet the CEO and CFO certifications of company 
financials as required under Section 302 of SOX. 

• New rules should clearly define the meaning of materiality and risk in assessing the 
integrity of the financial statements. The rules must provide a clearly defined 
framework of assessing risk with a focus on entity level controls and more clearly defined 
materiality rules. 

The current AS5 still requires qualitative materiality rules without further guidance on 
how to assess the "reasonable possibility" of a material misstatement. Given the 
prescriptive nature of AS5 and the lack of clear standards, the new rules also lead to 
inefficiencies and duplicate testing of internal controls. The current AS5 deters both 
management and auditors from taking a cohesive integrated risk-based approach by 
failing to provide a clear mandate for auditors to rely on the monitoring and testing done 
by the management or the internal auditors. 

For smaller companies, the lack of cohesive and integrated mechanisms to determine 


8 The Legislative History Of The Sarbanes-Oxley Act Of 2002: Accounting Reform And Investor Protection Issues Raised By 
Enron And Other Public Companies (S. Hrg. 107-948) 



155 


materiality and risk in assessing internal controls could once again lead to an auditor 
driven process that results in high cost burdens for the companies. 

• Frequency of internal control testing should be determined by changes in 
established baseline entity-wide controls. The new AS5 fails to recognize the value of 
cumulative knowledge and relevance of changes in key control areas that matter to the 
reporting of financial statements. Periodic testing or testing when a material change has 
occurred could alleviate the excessive duplication year after year that further adds to high 
cost burdens imposed by Section 404. 

• Unless and until a new reform framework is implemented, additional deferral 
should be provided for non accelerated filers and newly public companies. We fully 
support the Commission’s proposal to provide further implementation deferrals for non- 
accelerated filers (small companies under $75 million in market capitalization) and for 
newly public companies. 

Unless and until a new AS5 has proven to be cost effective, risk based, scaled and 
proportional to the complexity of the companies, we believe it is critical to further delay 
both the management assessment and external auditor attestation requirements for non 
accelerated filers as well as newly public companies until a settled guidance can be 
provided and the new AS5 has been implemented for a reasonable time. In fact, non 
accelerated filers and newly public companies should be required to comply with Section 
404 only after a full assessment can be made by the GAO on the cost/burden impact of 
the new AS5 rules. 

Conclusion 


As a representative of one of the high-growth sectors of the U.S. economy, the MDMA members 
and I appreciate this opportunity to submit written testimony to the Committee. We believe that 
principle-based reforms that focus on cost effectiveness, that are risk based, and scaled and 
proportional to the level of company revenues and complexity of corporate structures, will 
achieve the original intent of Section 404 - internal controls that provide investors with the 
optimal level of confidence in the financial integrity of public companies. 

We thank you for your consideration of our views and we urge the Committee to request the 
Commission and PCAOB for their careful consideration of the additional reforms outlined in our 
testimony. 

Sincerely, 

Mark B. Leahey, Esq. 

Executive Director 

Medical Device Manufacturers Association 



156 


Independent Community 
Bankers of America 


Statement on behalf of the 

Independent Community Bankers of America 
Washington, DC 


“Sarbanes Oxley and Small Business: 
Addressing Proposed Regulatory Changes and 
Their Impact on Capital Markets” 


United States Senate Committee on 
Small Business and Entrepreneurship 


April 18, 2007 



157 


The Independent Community Bankers of America (ICBA)¹ appreciates the opportunity to 
offer this statement before the Senate’s Small Business and Entrepreneurship Committee 
concerning the impact that the recent proposed guidance under Section 404 of the 
Sarbanes-Oxley Act of 2002 (SOX) will have on small business and the capital markets. 
Section 404 requires publicly held companies to include an assessment by management 
of the effectiveness of a company’s financial controls and procedures in their annual 
reports and to have the company’s auditor attest to management’s assessment of the 
effectiveness of the company’s internal controls and procedures. 

The Securities and Exchange Commission (SEC) recently proposed new guidance for 
management under SOX Section 404(a) (the “SEC Guidance”). At the same time, the 
Public Company Accounting Oversight Board (PCAOB) proposed a new internal control 
auditing standard under SOX Section 404(b), An Audit of Internal Control Over 
Financial Reporting That Is Integrated with An Audit of Financial Statements (referred to 
hereafter as Auditing Standard No. 5 or “AS5”), that would supersede Auditing Standard 
Number 2. The purpose of both the SEC Guidance and proposed AS5 is to (1) clarify the 
requirements of SOX Section 404(a) for management and (2) simplify and scale the 
internal control audit required by Section 404(b) so that outside auditors would focus on 
those matters most important to internal control. 

Summary of ICBA’s Position 

• While the SEC Guidance and proposed AS5 may curtail excessive testing of 
controls and reduce some of the unnecessary documentation required by SOX 404 
audits, ICBA still has doubts that it will reduce 404 audit costs, particularly for 
smaller public companies. 

• ICBA recommends at least another one year delay in the Section 404 due dates 
for non-accelerated filers so that they will have until the due date for their 2008 
annual report to file their management internal control reports and the due date for 
their 2009 annual report to file the auditor’s attestation report. The additional 
one-year delay would give the SEC and the PCAOB an opportunity to evaluate 
the impact and the cost effectiveness of their proposed guidance on accelerated 
filers and would also give non-accelerated filers that have no experience with 


¹ The Independent Community Bankers of America represents the largest constituency of community banks of all 
sizes and charter types in the nation, and is dedicated exclusively to representing the interests of the community 
banking industry. ICBA aggregates the power of its members to provide a voice for community banking interests 
in Washington, resources to enhance community bank education and marketability, and profitability options to 
help community banks compete in an ever-changing marketplace. 

With nearly 5,000 members, representing more than 18,000 locations nationwide and employing over 265,000 
Americans, ICBA members hold more than $876 billion in assets, $692 billion in deposits, and more than $589 
billion in loans to consumers, small businesses and the agricultural community. For more information, visit 
ICBA's website at www.icba.org. 





Section 404 additional time to understand and apply the new guidance and 
establish a new internal control framework. 

• To indicate that it is serious about reducing costs, ICBA believes that the SEC 
should propose a quantitative benchmark or goal for the new standard that is tied 
to a reduction in overall SOX 404 audit costs. 

• A closer alignment is needed between the broad and principles-based SEC 
Guidance and the more prescriptive AS5. Also, terms such as “material 
deficiency” and “reasonable assurance” need to be defined more clearly. The 
proposed SEC Guidance and AS5 should also address the use of bank 
management reports and bank examination reports. 

• While a risk-based and scalable AS2 may reduce some of the high costs of SOX 
Section 404, ICBA still believes that smaller public companies should be partially 
or fully exempted from Section 404 in order to be competitive with larger 
companies and foreign competition. 

General Comments Concerning AS5 and the SEC Guidance 

We commend the SEC and the PCAOB for their efforts to create a scalable, top-down 
approach for SOX 404 audits. As noted in the release for the SEC Guidance, the SEC 
Advisory Committee on Smaller Public Companies raised a number of concerns 
regarding the ability of smaller companies to comply cost-effectively with the 
requirements of SOX 404. Some of the concerns stemmed from the implementation of 
AS2 and the fact that auditors were engaged in excessive testing of controls and requiring 
unnecessary documentation to comply with SOX 404. 

While the SEC Guidance and proposed AS5 may curtail excessive testing of controls and 
reduce some of the unnecessary documentation required by SOX 404 audits, we still have 
doubts that it will reduce 404 audit costs, particularly for smaller public companies. We 
note, for instance, that AS5 has not been field tested so there is no evidence to suggest 
that, despite the proposed standard’s focus on scalability and risk-based testing, auditors 
will significantly change their audit procedures or reduce the time they take to perform a 
404 audit. 

ICBA recommends at least another one year delay in the Section 404 due dates for 
non-accelerated filers so that calendar year filers will have until the due date for 
their 2008 annual report to file their management internal control reports and the 
due date for their 2009 annual report to file the auditor’s attestation report. The 
one-year delay would accomplish several things. First, it would give the SEC and the 
PCAOB an opportunity to evaluate the cost effectiveness of their controls on accelerated 
filers. If, for instance, the SEC Guidance and AS5 have little impact on SOX 404 audit 
costs for the 2007 and 2008 accelerated filers, then the SEC and the PCAOB will have 
time to revise the guidance and the new standard before it is fully implemented by 
non-accelerated filers. Second, a one-year delay would also give non-accelerated filers that 
have no experience with Section 404 additional time to understand and apply the new 
guidance and establish a new internal control framework. 





ICBA also believes that the SEC and the PCAOB should propose a quantitative 
benchmark or goal for the new standard that is tied to a reduction in overall SOX 
404 audit costs. For instance, the SEC should state that the goal is to reduce average 
internal control audit costs by a certain percentage — say 20%, with a commitment that if 
the revised standard does not meet that goal, then the standard will be revised further. It 
is too ambiguous for the SEC or the PCAOB to state that their goal is to increase the 
“cost effectiveness of the 404 audit” or “to eliminate unnecessary audit procedures” 
particularly when there has been no field testing of the new standard and therefore no 
assurance that it will reduce costs. A specific benchmark or goal would convey to the 
industry that the SEC and the PCAOB are serious about reducing the overall costs of SOX 
404 and are committed to achieving that goal. 

The SEC Guidance and Proposed AS5 Should be Better Aligned 

As acknowledged by SEC Chairman Christopher Cox at the recent joint public hearing 
on SOX 404,² a closer alignment is needed between the broad and principles-based 
SEC Guidance and the more prescriptive AS5. Both management and auditors should 
be able to look to both documents for a consistent and detailed approach to assessing 
internal controls. AS5 should focus on how to audit the company’s internal controls 
whereas the SEC Guidance should concentrate on how an internal control framework 
should be established. 

In the case of non-accelerated filers that have not begun their SOX 404 audits, the 
temptation will be for management to use the more specific and detailed AS5 for 
guidance rather than the SEC Guidance since it lays out more clearly what the auditors 
will expect in the way of an internal control framework. Without greater alignment 
between the SEC Guidance and AS5, we predict that the SEC Guidance would become 
less relevant to smaller public companies — exactly the scenario that the SEC wants to 
avoid — and that management would rely more on their auditors to determine how a good 
internal control framework should be implemented. 

ICBA also recommends that the SEC Guidance include more illustrations of how the 
guidance should be implemented particularly for smaller public companies. For 
instance, AS5 indicates clearly how an auditor should assess a company’s control 
environment but the SEC Guidance only makes a passing reference to it and does not 
provide any specific evaluation criteria or any information on what constitutes a poor 


² The Securities and Exchange Commission met at a public meeting on April 4, 2007. The Commissioners 
urged the SEC staff to continue to work closely with the PCAOB to make the internal controls provisions 
of SOX 404 more efficient and cost effective. The Commissioners also directed the staff to focus the 
remaining work in four areas: aligning AS5 with the SEC's proposed new management guidance under 
Section 404, particularly with regard to prescriptive requirements, definitions and terms; scaling the 404 
audit to account for the particular facts and circumstances of companies, particularly smaller companies; 
encouraging auditors to use professional judgment in the 404 process, particularly in using risk-assessment; 
and following a principles-based approach to determining when and to what extent the auditor can use the 
work of others. 





control environment. AS5 lists a number of specific factors for identifying significant 
accounts but the SEC Guidance has no parallel guidance for management and has few 
illustrations to help managers identify significant accounts. AS5 sets forth certain specific 
points for auditors to consider in evaluating the effectiveness of IT systems for smaller 
companies whereas the SEC Guidance has no such comparable discussion of IT systems. 

Defined Terms Need to be Clearer 

While we agree that the SEC and the PCAOB have made some progress in clarifying 
some of the defined terms used in AS2, we believe there is more room for improvement. 
Specifically, there will still be confusion about what constitutes a “material weakness” 
and how management should identify material weaknesses. AS2 currently defines a 
material weakness as a control deficiency, or a combination of control deficiencies, that 
result in more than a remote likelihood that a material misstatement of the company’s 
annual or interim financial statements will not be prevented or detected. In the proposed 
AS5 and SEC Guidance, the SEC and the PCAOB use the same definition but substitute 
“reasonable possibility” for “more than a remote chance.” 

While “reasonable possibility” is clearer than “more than a remote chance” and possibly 
raises the threshold to some degree, the definition still requires management and auditors 
to prove a negative — that no material weaknesses exist — as opposed to affirmatively 
proving the effectiveness of internal controls. This negative approach — proving that no 
material weaknesses exist — places an enormous burden on auditors and management who 
must attest to the internal control over financial reporting and encourages them to be very 
conservative with their testing and documentation. 

ICBA believes a more precise definition of “material deficiency” is needed that is tied to 
the impact on a company’s earnings. Last year, ICBA supported the COMPETE Act,³ 
introduced by Rep. Tom Feeney (R-Fla.), that directed the SEC and the PCAOB to use a 
5% de minimis standard (e.g., 5% of profits) under AS2 for noting material deficiency. 
Furthermore, if management and the auditors must prove the negative — that there are no 
“material deficiencies” in their internal controls — then there should be greater clarity as 
to how companies both large and small can achieve that goal. The guidance should also 
indicate at what point a combination of control deficiencies give rise to a material 
weakness. Illustrations of different control deficiencies that rise to a material weakness 
would be useful. Both the SEC Guidance and AS5 should be clear enough so that 
management does not have to consult with their auditors every time there is an issue 
about a “material deficiency.” 

There are other examples of defined terms that need to be clarified. For instance, the 
SEC Guidance indicates that management is required to assess whether a company’s 
internal controls are effective in providing “reasonable assurance” regarding the 
reliability of financial reporting. “Reasonable assurance” is defined as assurance that 
would “satisfy prudent officials in the conduct of their own affairs.” This definition is 
entirely too vague. At a minimum, the SEC should provide illustrations so that 


³ HR 5404, known as the “Competitive and Open Markets that Protect and Enhance the Treatment of 
Entrepreneurs Act.” 





companies have a clearer idea of what it means to be “reasonably assured.” As 
mentioned above, the guidance should be clear enough that management does not have to 
constantly refer to experts (i.e., an outside auditor) to understand the definitions. 

The “Principal Evidence” Provision in AS2 Should Be Eliminated 

ICBA commends the PCAOB for proposing a new auditing standard, Considering and 
Using the Work of Others in an Audit, which would replace AU section 322 and provide 
direction to auditors for using the work of others in both the audit of internal control 
reporting and the audit of the financial statements. We agree that a single, unified 
framework for the auditor’s use of the work of others would remove barriers to the 
integration of the internal control audit and the audit of financial statements. We 
understand that the new standard will replace the provisions in AS2 that dealt with using 
the work of others. 

We also applaud the PCAOB for eliminating (or not including in the new standard) the 
“principal evidence” provision in AS2 which required the auditor’s own work to provide 
the principal evidence for the auditor’s opinion. The “principal evidence” provision 
contributed to the high cost of SOX 404 audits because it was interpreted by many 
auditors to mean that under no circumstances could the auditor rely on the work of others. 
For instance, the work of internal auditors was often ignored by outside auditors because 
of the “principal evidence” provision in AS2. 

The SEC Guidance and AS5 Should Address Bank Management and Examination 
Reports 

Besides being examined periodically for compliance and safety and soundness, banks are 
also subject to the internal control requirements of Section 36 of the Federal Deposit 
Insurance Corporation Improvement Act of 1991 (FDICIA) and Part 363 of the FDIC 
regulations. ICBA recommends that the proposed new standard and SEC Guidance 
address the use by management and by auditors of bank internal control management 
reports and bank examination reports. These reports provide valuable insight into a 
bank's internal controls and cover many of the same issues that are required under 
proposed AS5. 


The SEC Guidance Should Provide a Clear Safe-Harbor for Management 

As proposed, the SEC Guidance says that the proposed amendments to Rules 13a-15(c) 
and 15d-15(c) will make the SEC Guidance “similar” to a non-exclusive safe-harbor. 
ICBA recommends that the SEC provide a clear safe harbor for management under the 
Securities and Exchange Act of 1934 provided that management has complied with all 
aspects of the SEC Guidance. A clear safe harbor would make it more likely that 
management will detect material weaknesses and disclose them since management will 
realize that it has some legal protection under the Exchange Act. Furthermore, 
management will be more likely to rely on its own interpretation of the guidance and not 
constantly seek advice from auditors. 





The SEC rules contain a number of safe harbors that have been very successful, including 
Rule 144A under the Securities Act of 1933 which provides a safe harbor from 
registration for re-sales of privately placed securities to qualified institutional buyers and 
Regulation D, which is a safe harbor from registration for certain private placements of 
securities. In each case, these safe harbors have provided a clear way for parties to 
comply under the securities laws. The SEC should provide a clear safe harbor for 
management under the Exchange Act that provides legal protection similar to these other 
safe harbors. 

Even With a Scalable AS5, ICBA Endorses a Small Company 404 Exemption 

ICBA commends the SEC and the PCAOB for their endorsement of a scalable approach 
to SOX 404 audits. Proposed AS5, for instance, does include a section on scalability that 
discusses the six areas of the audit that are often affected by the attributes of smaller, 
less-complex companies. For each of these areas, the proposed standard describes the 
principles the auditor should apply in order to obtain sufficient competent evidence in a 
reasonable manner. We understand that this part of the proposed AS5 will provide the 
foundation for planned guidance on auditing internal control in smaller companies to be 
issued later this year. 

While a risk-based and scalable AS2 may reduce some of the high costs of SOX 
Section 404, ICBA still believes that smaller public companies should be partially or 
fully exempted from Section 404 in order to be competitive with larger companies 
and foreign competition. Even with a revised auditing standard, we believe that smaller 
public companies would still be subject to unnecessarily extensive auditing of detailed 
control processes under Section 404 by auditors unduly concerned about their liability 
and being second guessed by the PCAOB. 

ICBA strongly endorses the primary recommendations of the SEC’s Advisory 
Committee on Smaller Public Companies including (a) exempting micro-cap 
companies (with equity capitalizations of $128 million or less) that have revenue of 
less than $125 million from the internal control attestation requirements of SOX 
Section 404 and (b) exempting small-cap companies (with equity capitalizations of 
between $128 million and $787 million) that have revenue of less than $250 million 
from the external audit requirements of SOX Section 404. We agree with the 
Advisory Committee that with more limited resources, fewer internal personnel and less 
revenue with which to offset the costs of Section 404 compliance, both micro-cap and 
small-cap companies have been disproportionately impacted by the burdens associated 
with Section 404 compliance. We also agree that the benefits of documenting, testing 
and certifying the adequacy of internal controls, while of obvious importance for large 
companies, are of less value for micro-cap and small-cap companies, that rely to a greater 
degree on “tone at the top” and high-level monitoring controls, to influence accurate 
financial reporting. 

The proportionately larger costs for smaller public companies to comply with Section 404 
adversely affect their ability to compete with larger public companies and even with 
foreign competition. This reduction in the competitiveness of U.S. smaller public 
companies hurts their capital formation ability and, as a result, hurts the U.S. economy. 





For community banks, Section 404 costs have been particularly significant. ICBA’s 2005 
survey⁴ of Section 404 costs for community banks revealed that the average community 
bank would spend during 2005 more than $200,000 and devote over 2,000 internal staff 
hours to comply with Section 404. These costs far outweigh the benefits for these small 
companies. 

Conclusion 

Since proposed AS5 has not been field tested, ICBA recommends at least another one 
year delay in the Section 404 due dates for non-accelerated filers so they will have until 
the due date for their 2008 annual report to file their management internal control reports 
and the due date for their 2009 annual report to file the auditor’s attestation report. To 
indicate that it is serious about reducing costs, ICBA also believes that the SEC should 
propose a quantitative benchmark or goal for the new standard that is tied to a reduction 
in overall SOX 404 audit costs. While a risk-based and scalable AS2 may reduce some 
of the high costs of SOX Section 404, ICBA still believes that smaller public companies 
should be partially or fully exempted from Section 404 in order to be competitive with 
larger companies and foreign competition. 

ICBA appreciates the opportunity to offer this statement before the Senate Small 
Business and Entrepreneurship Committee concerning the impact that the recent 
proposed guidance under Section 404 of the Sarbanes-Oxley Act will have on small 
business and the capital markets. 


⁴ For a complete description of ICBA’s Section 404 Survey of Community Banks, see ICBA’s comment 
letter to the SEC dated March 31, 2005 concerning the formation and goals of the Advisory Committee. 





